forked from splunk/security_content
asset_tracking.yml
name: Asset Tracking
id: 91c676cf-0b23-438d-abee-f6335e1fce77
version: 1
date: '2017-09-13'
author: Bhavin Patel, Splunk
description: Keep a careful inventory of every asset on your network to make it easier
  to detect rogue devices. Unauthorized/unmanaged devices could be an indication of
  malicious behavior that should be investigated further.
narrative: This Analytic Story is designed to help you develop a better understanding
  of what authorized and unauthorized devices are part of your enterprise. This story
  can help you better categorize and classify assets, providing critical business
  context and awareness of your assets during an incident. Information derived from
  this Analytic Story can be used to better inform and support other analytic stories.
  For successful detection, you will need to leverage the Assets and Identity Framework
  from Enterprise Security to populate your known assets.
references:
- https://www.cisecurity.org/controls/inventory-of-authorized-and-unauthorized-devices/
tags:
  analytic_story: Asset Tracking
  category:
  - Best Practices
  product:
  - Splunk Enterprise
  - Splunk Enterprise Security
  - Splunk Cloud
  usecase: Security Monitoring