Splunk Template
This template creates a configuration that reports the status of the remote device to Splunk. It can be found in the STATUS REPORT category when filtered for LOCAL platform.
deviceTRUST requires a few simple but essential configuration steps to enable the template for your local environment. This guide walks through them step by step.
We will perform the following steps:
Step 1: Prerequisites
If the required deviceTRUST components (Agent, Console and License) are not yet installed, please visit the Getting Started for Local guide, complete steps 1 to 4, and then continue here with step 2 below.
Step 2: Contexts
The template has imported the following contexts:
Context | Description | Customizations |
---|---|---|
Antivirus Name | Evaluates the active antivirus product used on the local device. | None |
Antivirus Signature Status | Evaluates the signature status of the active antivirus product used on the local device. | None |
Antivirus Status | Evaluates the status of the active antivirus product used on the local device. | None |
Country | Evaluates the country in which the local device is located. | None |
Country Provider | Evaluates the country provider that reports the country of the local device. | None |
Device Identifier | Evaluates the device identifier of the local device. | None |
Device Type | Evaluates the device type of the local device. | None |
Economic Region | Evaluates the economic region the local device is located within. | None |
Firewall Name | Evaluates the available firewall product used on the local device. | None |
Firewall Status | Evaluates the status of the active firewall product used on the local device. | None |
Hardware Bios Release Date | Evaluates the hardware BIOS release date of the local device. | None |
Hardware Model | Evaluates the hardware model of the local device. | None |
Hardware Role | Evaluates the hardware role of the local device. | None |
Hardware Secure Boot | Evaluates the hardware secure boot settings of the local device. | None |
Hardware Vendor | Evaluates the hardware vendor of the local device. | None |
Network Address Assignment | Evaluates the network address assignment type of the local device. | None |
Network DHCP Server | Evaluates the network DHCP server of the local device. | None |
Network DNS Server | Evaluates the network DNS server of the local device. | None |
Network DNS Suffix | Evaluates the network DNS suffix of the local device. | None |
Network Gateway | Evaluates the network gateway of the local device. | None |
Network Gateway MAC | Evaluates the network gateway MAC address of the local device. | None |
Network IP Address | Evaluates the network IP address of the local device. | None |
Network MAC Address | Evaluates the network MAC address of the local device. | None |
Network Subnet | Evaluates the network subnet of the local device. | None |
Operating System Description | Evaluates the operating system description of the local device. | None |
Operating System Disk Encryption | Evaluates the operating system disk encryption of the local device. | None |
Operating System Name | Evaluates the operating system name of the local device. | None |
Operating System Platform | Evaluates the operating system platform of the local device. | None |
Operating System Release | Evaluates the operating system release of the local device. | None |
Operating System Type | Evaluates the operating system type of the local device. | None |
Operating System Updates | Evaluates if a recent update search has been performed and that all updates have been installed on the local device. | None |
Operating System Version | Evaluates the operating system version of the local device. | None |
Override | Evaluates if the session user is a member of the override AD group. | You can add one or more user groups from your Microsoft Active Directory (AD) to exclude group members from actions. |
Region Keyboard Locale | Evaluates the region keyboard locale of the local device. | None |
Region Locale | Evaluates the region locale of the local device. | None |
Region Timezone Offset | Evaluates the region timezone offset of the local device. | None |
Remote Controlled | Evaluates if the local device is remote controlled. | None |
Secure Screen Saver | Evaluates whether the local device is using a secure screen saver. | None |
Security State | Evaluates the security status of the local device. | None |
Session User Domain | Evaluates the user domain of the user account used within the session. | None |
Session User Name | Evaluates the user name of the user account used within the session. | None |
User Authentication | Evaluates the authentication of the user account used on the local device. | None |
User Privileges | Evaluates the privileges of the user logged into the local device. | None |
Virtualized | Evaluates if the local device is virtualized. | None |
VPN Connected | Evaluates if a network adapter of the local device is connected to a VPN network. | None |
Wi-Fi Security Mode | Evaluates if the local device is connected to a secure Wi-Fi network. | None |
- If a context is not needed, it can be deactivated or deleted. The corresponding task sequence within the relevant action must then be deleted too.
Step 3: Actions
The template contains an active reporting action that submits the status of the local device to the appropriate source.
Action | Description | Default State | Customizations |
---|---|---|---|
Status Report - Splunk | Reports the status of the local device to Splunk. | Deactivated | You must update the following context condition with data suitable for your environment: WEB REQUEST STATUS REPORT. When using Splunk for status reporting, replace YOUR_SPLUNK_SERVER:8088 and YOUR_SPLUNK_AUTH_TOKEN with your Splunk configuration. Example: dtldss02.demo.devicetrust.local:8088 |
- If the action has been disabled, the contexts will still be created.
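A pre-flight check for the two values substituted in WEB REQUEST STATUS REPORT, added here as an example (it is not part of the deviceTRUST template or documentation). It assumes the HTTP Event Collector is reached over HTTPS at Splunk's standard `/services/collector/event` endpoint, since the page does not show the full URL the template uses; the function names and the test event are constructed for illustration.

```python
import json
import re
import urllib.request

PLACEHOLDERS = ("YOUR_SPLUNK_SERVER", "YOUR_SPLUNK_AUTH_TOKEN")
# Expected form is host:port, e.g. dtldss02.demo.devicetrust.local:8088
SERVER_RE = re.compile(r"^(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})$")


def build_hec_request(server, token, event):
    """Validate the two template values and build (not send) a HEC request."""
    for value in (server, token):
        if not value or any(p in value for p in PLACEHOLDERS):
            raise ValueError("template placeholder was not replaced")
    match = SERVER_RE.match(server)
    if not match or not 0 < int(match["port"]) <= 65535:
        raise ValueError("server must be host:port without scheme or path")
    if any(c.isspace() for c in token):
        # A pasted trailing newline or space makes Splunk reject the token.
        raise ValueError("token contains whitespace")
    return urllib.request.Request(
        # Assumption: HTTPS and Splunk's standard HEC event endpoint.
        url=f"https://{server}/services/collector/event",
        data=json.dumps({"event": event}).encode(),
        method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"},
    )


def send_test_event(server, token, timeout=10):
    """Post one constructed event; True if Splunk replies with code 0."""
    event = {"message": "deviceTRUST HEC connectivity test (constructed)"}
    request = build_hec_request(server, token, event)
    # urlopen raises HTTPError when Splunk refuses the token or request.
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return json.load(response).get("code") == 0


if __name__ == "__main__":
    import getpass
    import sys
    # The token is read from a prompt so it stays out of shell history.
    ok = send_test_event(sys.argv[1], getpass.getpass("HEC token: "))
    print("HEC accepted the event" if ok else "HEC rejected the event")
```

Run it with the `host:port` value as the only argument before activating the action. A certificate verification error means the machine running the check does not trust the TLS certificate presented on the HEC port.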
Troubleshooting
If your deviceTRUST installation or configuration does not work as expected, you can use the Troubleshooting guide to start troubleshooting.