Responding to assets and identities in Splunk Asset and Risk Intelligence

Take action on findings related to assets, identities, or the operational health of Splunk Asset and Risk Intelligence. Using the Response Management page, you can create automated or manual responses to discoveries such as compliance issues or identified risk. This helps you act quickly and consistently when the system discovers something in your environment.

For example, you can create a response that targets servers that haven't been vulnerability scanned. To do this, you can select the relevant metric as the response type, and then configure the response to identify non-compliant servers for that metric. In this case, the metric indicates whether a server has completed a vulnerability scan. Servers without a scan appear as non-compliant and trigger the response.

Response categories

When creating a response, you can choose from three categories of responses:

| Response category | Description |
| --- | --- |
| Asset | A response related to one or more discovered assets. |
| Identity | A response related to one or more discovered identities. |
| Operational | A response related to the operational health of Splunk Asset and Risk Intelligence. |

Response types

To create a response, you must select a response type. A response type is the set of conditions that must be met in order to trigger the response. For example, if you want to create a response based on assets that are not compliant with a particular metric, select Asset metric as the response type.

The following table includes the available response types:

| Response category | Response type | Description |
| --- | --- | --- |
| Asset | Asset record | |
| Asset | Asset risk | |
| Asset | Asset metric | |
| Asset | Asset metric matrix | |
| Asset | Asset software | |
| Asset | Asset vulnerability | |
| Identity | Identity record | |
| Identity | Identity risk | |
| Identity | Identity metric | |
| Identity | Identity metric matrix | |
| Identity | Identity cloud application | |
| Operational health | Operational health | |

Response actions

A response action is the action you schedule to occur when the conditions of the response are met. Each response you create can have more than one response action. For example, when the response conditions are met, you can send an email, log an event, and send a Slack message all at once.

The available response actions reflect the alert actions installed on your Splunk platform environment. To see your existing alert actions or create new ones, see Alert actions.