Welcome to SecKit SA IDM Common’s documentation!

Success Enablement Content “SecKit” apps for Splunk are designed to accelerate the tedious or difficult tasks. This application IDM Common is an add on for Splunk Enterprise Security designed to identify basic network and enrich the with information that is useful to security incident detection and response as well as compliance tracking. Following through the quick start you will be able to answer important questions for a single subnet.

  • Where is the asset based on src and or dest ip?
  • What is the zone of the network?
  • What type of facility is the asset located in?

Before you get started

  • Complete Splunk Enterprise Security Administration training
  • Review the current Assets and Identities section of the Administration Manual
  • Review the use of lookup data in Splunk
  • CIDR notation splunk required all notations to be correct i.e. 10.0.0.0/16 NOT 10.0.0.1/16 and less than 32 bits.

Support