What is the maximum recommended size for asset/identitylookups? https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/assetandidentityframework/ I've had issues with Splunk h...
When bringing in assets andidentities to Splunk ES via an input is there any value in separating the lookups by domain? When I bring in the identities from multiple sources the events are m...
Can any one help me in generating a lookup to dynamically add the Active Directory to the Splunk Enterprise Security - Assets andIdentity list? Had worked out for the the Identity part, but it w...
...s being used by Enterprise security assetandidenty managment. We desire to put in priority for these assets. Now when we do this manually, via lookup editor, next time the scheduled search r...
Hello,
We have issues to merge our dhcp_asset_list (made of dns record, mac and ip address) into the Asset & Identity Management subsystem.
I realize that there is a condition into a m...
Here is the link to the documentation page for the ES AssetandIdentities lookups:
http://docs.splunk.com/Documentation/ES/5.1.0/Admin/Formatassetoridentitylist#Asset_lookup_header
It states f...
...akes sense.
However, we do have assetlookups, and often, I find myself going into the ES Incident Review page, finding the affected system, and then doing my own search against the assetandidentity...
Hello, I am stuck on a query and need someone's help please. The goal of the query is to perform a lookup on column A and B which is a list of hostnames and FQDN's that are the targeted scope t...
As I was going through the AssetandIdentity Management manual, I couldn't see anything related to how to enrich the two lookup files assets_by_cidr.csv andassets_by_str.csv. F...