Hi, has anyone worked with Assets and identity from Splunk Enterprise Security?
I already have the app "Splunk Supporting Add-on for Active Directory" installed.
From the app I run connection tests and they are successful, but when I enter Splunk ES I do not see Assets and Identity information.
What should I check?
Hi,
Is this the part you're doing?
https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Verifyassetandidentitydata
Based on these?
https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Addassetandidentitydata#Use_LDAP_to_register_da...
Yes, that is what I need, but it is not very clear to me. I need support from someone who can guide me, since the documentation is not very clear.
At this moment I know that I must enter the tab "Data on Boarding",
but it is not clear to me that I must fill out the form.
One approach you could follow:
1. Using the LDAP/AD add-on that you have, pull all the required fields for asset and identity onto a temp index.
2. Using the events from the temp index, create, format and validate the fields and create the required lookups.
3. Update the asset/identity inputs/macros to your custom lookups.
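
An added example, not part of the reply above and not the poster's own search: one way to shape Active Directory user records into the column layout an ES identity lookup expects. It queries the add-on's `ldapsearch` command directly rather than reading from a temp index; swap the first line for a search over that index to follow the three steps as written. Assumptions: the add-on domain stanza is named `default`, `my_identity_lookup` is a hypothetical lookup definition you have already created, and the static `priority`, `category` and `watchlist` values are placeholders to adjust.

```spl
| ldapsearch domain=default search="(&(objectclass=user)(!(objectClass=computer)))"
| makemv userAccountControl
| search userAccountControl="NORMAL_ACCOUNT"
| eval suffix="", priority="medium", category="normal", watchlist="false", endDate=""
| table sAMAccountName, personalTitle, displayName, givenName, sn, suffix, mail, telephoneNumber, mobile, manager, priority, department, category, watchlist, whenCreated, endDate
| rename sAMAccountName AS identity, personalTitle AS prefix, displayName AS nick, givenName AS first, sn AS last, mail AS email, telephoneNumber AS phone, mobile AS phone2, manager AS managedBy, department AS bunit, whenCreated AS startDate
| outputlookup my_identity_lookup
```

Run it without the final `outputlookup` line first to check that the fields are populated before writing the lookup.
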
Thanks for your answer. Because there is no more specific documentation on what values I could put in that form, could you give me an example of how to fill in those fields?