Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a dashboard that runs searches against a CSV of devices in our subnet to display new/unauthorized devices?

crossap
Path Finder
‎03-25-2015 03:09 AM

Hi,

Sorry I am sure this is a noob question, but I am struggling after searching to find the best way to obtain the results I require.

I am in the process of trying to create a dashboard to meet the SANS 20 requirements and have been using http://www.splunk.com/web_assets/pdfs/secure/Splunk-and-the-SANS-Top-20-Critical-Security-Controls.p... to find the best way to meet each control.

Currently I am working on unauthorized devices and have setup asset discovery to scan our subnet which is fine. What I would like to do it to create a CSV or something else that the NMAP results are compared to and then display any devices that are not on the list. This will allow us to have easy visibility of new devices.

At the moment there is no asset DB/system and the CSV would be a manual process until an asset DB is purchased.

Any assistance or suggestions on the best way to either achieve the above or a better solution would be welcome.

thanks

Tags (3)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-25-2015 05:14 AM

Your CSV will serve as the asset DB until a formal DB is acquired. Build the CSV using your asset discovery mechanism. Write all discovered assets to the CSV then manually remove those that do not belong. Now you have something to which to compare for your reports. Of course, someone will have to update the CSV manually as assets are purchased and disposed.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...
Top