Splunk
Asset and Identity Integration Service Solution Guide
Pages: 2
Time to read: 3 mins
Language: English
This document is a service solution guide that outlines the integration of asset and identity data into Splunk Enterprise Security (ES) to enhance security event detection, triage, and resolution. It describes how the Splunk Asset and Risk Intelligence (ARI) application, when combined with Splunk ES, provides comprehensive asset visibility and accelerates investigations while reducing risk and compliance exposure. The guide details the prerequisites for implementing the service, including a healthy Splunk environment and compliant data sources. It also presents the structured approach taken during the project, which includes a discovery and design workshop to assess requirements, followed by the normalization and configuration of asset and identity data to align with the Splunk Common Information Model (CIM). Finally, the guide emphasizes the knowledge transfer phase, ensuring that users are equipped to operate and expand the functionality of the new framework effectively.