forked from splunk/security_content
asset_tracking.yml
category:
- Best Practices
channel: ESCU
creation_date: '2017-06-01'
description: Keep a careful inventory of every asset on your network so that rogue
  devices are easier to detect. Unauthorized or unmanaged devices can indicate
  malicious activity and should be investigated further.
detections:
- detection_id: dcfd6b40-42f9-469d-a433-2e53f7489ff4
  name: Detect Unauthorized Assets by MAC address
  type: splunk
id: 91c676cf-0b23-438d-abee-f6335e1fce77
maintainers:
- company: Splunk
  email: bpatel@splunk.com
  name: Bhavin Patel
modification_date: '2017-09-13'
name: Asset Tracking
narrative: This Analytic Story is designed to help you develop a better understanding
  of which authorized and unauthorized devices are part of your enterprise. It helps
  you categorize and classify assets, providing critical business context and asset
  awareness during an incident. Information derived from this Analytic Story can be
  used to inform and support other Analytic Stories. The detection depends on the
  Assets and Identity Framework in Enterprise Security being populated with your
  known assets; any device missing from that inventory will surface as unauthorized,
  so an incomplete inventory produces false positives rather than missed detections.
original_authors:
- company: Splunk
  email: bpatel@splunk.com
  name: Bhavin Patel
references:
- https://www.cisecurity.org/controls/inventory-of-authorized-and-unauthorized-devices/
spec_version: 2
usecase: Security Monitoring
version: '1.0'
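The detection this story references compares MAC addresses seen on the network against the known-asset inventory in Splunk. The following is an added example, not code from the splunk/security_content project and not the SPL search the story ships: it shows the same comparison in Python over constructed DHCP-style log lines and a constructed inventory, so the two normalization problems a practitioner hits in practice are visible. Both the logs and the inventory here mix notations (colon, hyphen, Cisco dotted), and one client uses a locally administered (randomized) MAC, which the example reports in a separate triage bucket rather than silently treating as a rogue vendor device. Log format, hostnames, addresses and the `KNOWN_ASSETS` table are all assumptions made for illustration.

```python
"""
Flag MAC addresses observed in DHCP logs that are absent from the asset
inventory. Added example; the log lines and inventory below are constructed
for illustration and are not real data.
"""
import re
from dataclasses import dataclass

# Constructed DHCP server log lines (not real data). The MACs deliberately
# appear in three notations: colon, hyphen and Cisco dotted form.
SAMPLE_LOGS = [
    "2017-06-01T08:00:01Z dhcpd: DHCPACK on 10.1.20.15 to 00:1a:2b:3c:4d:5e (ws-fin-01) via eth0",
    "2017-06-01T08:00:07Z dhcpd: DHCPACK on 10.1.20.16 to 00-1A-2B-3C-4D-5F (ws-fin-02) via eth0",
    "2017-06-01T08:01:12Z dhcpd: DHCPACK on 10.1.20.77 to 001a.2b3c.4d60 via eth0",
    "2017-06-01T08:02:45Z dhcpd: DHCPACK on 10.1.20.91 to 08:00:27:aa:bb:cc via eth0",
    "2017-06-01T08:03:00Z dhcpd: DHCPDISCOVER from 3a:44:55:66:77:88 via eth0",
]

# Constructed asset inventory, standing in for the Enterprise Security asset
# lookup. Note it is not in the same notation as every log line.
KNOWN_ASSETS = {
    "00:1A:2B:3C:4D:5E": "ws-fin-01",
    "00-1a-2b-3c-4d-5f": "ws-fin-02",
    "001a.2b3c.4d60": "printer-fin-1",
}

# Colon/hyphen separated (aa:bb:cc:dd:ee:ff) or Cisco dotted (aabb.ccdd.eeff).
MAC_RE = re.compile(
    r"\b(?:(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}"
    r"|(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})\b"
)


def normalize_mac(raw: str) -> str:
    """Canonicalize any supported notation to lowercase aa:bb:cc:dd:ee:ff.

    Comparing raw strings would make 'ws-fin-02' look unauthorized simply
    because the log used hyphens and uppercase while the inventory did not.
    """
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (0x02 of the first octet) is set.

    Randomized client MACs (phones, laptops with MAC privacy) set this bit,
    so they will never appear in a vendor-assigned inventory.
    """
    return bool(int(mac[:2], 16) & 0x02)


@dataclass
class Finding:
    mac: str
    reason: str
    line: str


def detect_unauthorized(log_lines, inventory) -> list:
    """Return one Finding per distinct MAC that is not in the inventory.

    Both sides are normalized before the lookup so notation differences
    cannot produce false positives or hide a real rogue device.
    """
    known = {normalize_mac(m): name for m, name in inventory.items()}
    findings, reported = [], set()
    for line in log_lines:
        for match in MAC_RE.finditer(line):
            mac = normalize_mac(match.group(0))
            if mac in known or mac in reported:
                continue
            reported.add(mac)
            if is_locally_administered(mac):
                reason = "locally administered (likely randomized) MAC not in inventory"
            else:
                reason = "vendor-assigned MAC not in asset inventory"
            findings.append(Finding(mac, reason, line))
    return findings


if __name__ == "__main__":
    for f in detect_unauthorized(SAMPLE_LOGS, KNOWN_ASSETS):
        print(f"{f.mac}  {f.reason}\n    {f.line}")
```

Running the block reports two of the five leases: `08:00:27:aa:bb:cc`, a vendor-assigned address absent from the inventory and the case the story is aimed at, and `3a:44:55:66:77:88`, a randomized client address that will never match a vendor-assigned inventory and belongs in its own triage queue (or a policy decision to require stable MACs on managed networks). The three inventoried devices are not reported even though each log line used a different notation from the inventory entry, which is the point of normalizing both sides before the lookup.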