Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a dashboard that runs searches against a CSV of devices in our subnet to display new/unauthorized devices?

crossap
Path Finder
‎03-25-2015 03:09 AM

Hi,

Sorry I am sure this is a noob question, but I am struggling after searching to find the best way to obtain the results I require.

I am in the process of trying to create a dashboard to meet the SANS 20 requirements and have been using http://www.splunk.com/web_assets/pdfs/secure/Splunk-and-the-SANS-Top-20-Critical-Security-Controls.p... to find the best way to meet each control.

Currently I am working on unauthorized devices and have setup asset discovery to scan our subnet which is fine. What I would like to do it to create a CSV or something else that the NMAP results are compared to and then display any devices that are not on the list. This will allow us to have easy visibility of new devices.

At the moment there is no asset DB/system and the CSV would be a manual process until an asset DB is purchased.

Any assistance or suggestions on the best way to either achieve the above or a better solution would be welcome.

thanks

Tags (3)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-25-2015 05:14 AM

Your CSV will serve as the asset DB until a formal DB is acquired. Build the CSV using your asset discovery mechanism. Write all discovered assets to the CSV then manually remove those that do not belong. Now you have something to which to compare for your reports. Of course, someone will have to update the CSV manually as assets are purchased and disposed.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top