In Splunk, lookup tables are the preferred method for enriching raw event data with additional contextual information such as ASN (Autonomous System Number) and IP ownership. By importing a lookup table that maps IP addresses to ASNs and owners, analysts can perform lookups during searches to append this metadata to each event.
The rex command is used for extracting patterns from raw text but does not provide enrichment.
The eval commands and makersanita are not valid Splunk commands related to ASN enrichment.
Splunk documentation and the Cybersecurity Defense Analyst Study Guide recommend configuring IP-to-ASN lookups to augment network security data for better attribution and threat hunting.
[Reference: Splunk Docs: Lookup Tables and External Lookups; Splunk Cybersecurity Defense Analyst Study Guide, Chapter 5: Data Enrichment; Splunk Security Essentials Documentation]