count_of_assets_by_category.yml
name: Count of assets by category
id: dcfd6b40-42f9-469d-a433-2e53f7489ff9
version: 2
date: '2026-01-14'
author: Bhavin Patel, Splunk
type: Baseline
status: production
description: This search shows you every asset category you have and the assets that
  belong to those categories.
search: '| from datamodel Identity_Management.All_Assets | stats count values(nt_host)
  by category | sort -count'
how_to_implement: To successfully implement this search you must first leverage the
  Assets and Identity framework in Enterprise Security to populate your assets_by_str.csv
  file which should then be mapped to the Identity_Management data model. The Identity_Management
  data model will contain a list of known authorized company assets. Ensure that all
  inventoried systems are constantly vetted and updated.
known_false_positives: No false positives have been identified at this time.
references: []
tags:
  analytic_story:
  - Asset Tracking
  detections:
  - Detect Unauthorized Assets by MAC address
  product:
  - Splunk Enterprise
  - Splunk Enterprise Security
  - Splunk Cloud
  security_domain: endpoint