Analytics Story: Asset Tracking

Date: 2017-09-13 ID: 91c676cf-0b23-438d-abee-f6335e1fce77 Author: Bhavin Patel, Splunk Product: Splunk Enterprise Security

Description

Keep a careful inventory of every asset on your network to make it easier to detect rogue devices. Unauthorized/unmanaged devices could be an indication of malicious behavior that should be investigated further.

Why it matters

This Analytic Story is designed to help you develop a better understanding of what authorized and unauthorized devices are part of your enterprise. This story can help you better categorize and classify assets, providing critical business context and awareness of their assets during an incident. Information derived from this Analytic Story can be used to better inform and support other analytic stories. For successful detection, you will need to leverage the Assets and Identity Framework from Enterprise Security to populate your known assets.

Detections

Name ▲▼	Technique ▲▼	Type ▲▼
Detect Unauthorized Assets by MAC address	None	TTP

Data Sources

Name ▲▼	Platform ▲▼	Sourcetype ▲▼	Source ▲▼

References

https://www.cisecurity.org/controls/inventory-of-authorized-and-unauthorized-devices/

Source: GitHub | Version: 1