.png?sv=2022-11-02&ss=b&srt=o&spr=https&st=2024-05-11T03%3A25%3A31Z&se=2024-05-11T03%3A35%3A31Z&sp=r&sig=hX2r8HyT4tKzRj2TQe8qVm4Y6OJm6Yo5aKjy8MQF5hI%3D){kind=logo}
Splunk - Create and Update Assets
- 28 Jan 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Splunk - Create and Update Assets
- Updated on 28 Jan 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Splunk - Create and Update Assets creates and/or updates assets in Splunk for:
- Assets that match the parameters of the selected saved query, and match the Enforcement Action Conditions, if defined, or assets selected on the relevant asset page.
Depending on the action selected, assets not in Splunk will be created and existing Splunk assets will be updated.
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
Required Fields
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Additional Fields
These fields are optional.
Host Name - The hostname of the Splunk search head.
Port - Specify the port of the Splunk system. It is recommended to use TCP port 8089. For more details, see Splunk Docs - Securing Splunk Enterprise.
Protocol (rdefault: HTTPS) - Select between HTTP and HTTPS protocols when using that specific adapter connection.
User Name and Password - The user name and password for an account that has read access to the API.
Note:If API Token is not supplied, these fields are required.
API Token - API token can be used instead of user name and password.
Note:If User Name and Password are not supplied, this field is required.
Action Choice - Select one of the following:
- Create - Create Splunk assets for the assets returned by the query.
- Update - Update existing Splunk assets returned by the query.
- Create and Update - Create and update Splunk assets for the assets returned by the query. Existing Splunk assets will be updated. Assets not already in Splunk will be created.
Exclude connections - From the list, select the adapter connections to ignore. You can select more than one.
Map Axonius fields to adapter fields - Use the Field Mapping Wizard to map Axonius fields to fields in external systems. In this way you can transfer data found in Axonius into the external system as part of the configuration of relevant enforcement actions. The wizard shows you which fields exist on the Axonius system, allowing you to map them easily.
Note:For details, see Axonius to External Field Mapping.
APIs
Axonius uses this SDK:
Was this article helpful?