best way to build asset inventory and compliance
gdavid
Path Finder
02-23-2018
07:49 PM
I wanted to build a list of assets and, based on periodic searches, update items we are checking for compliance, such as x, y, z software installed, AV up to date, recently seen data from the Splunk forwarder.
What is the best way to track this? Is there a good database table type option in Splunk? I could probably do something in a CSV, not sure if that scales well; I also saw notes about how it is not a good idea for frequent changes. I see KV store, but I'm nervous that the KV store is in this magical abyss that will corrupt or disappear on me.
martin_mueller

SplunkTrust
02-24-2018
04:09 PM
A lot of those use cases are covered by Splunk Enterprise Security; it uses CSV files for its asset inventory: http://docs.splunk.com/Documentation/ES/5.0.0/Admin/Assetandidentitylookups
