Skip to main content


Splunk Lantern

Network access control data


Network access or admission control is a form of client/endpoint security that uses a locally installed software agent to pre-authorize connections to a protected network. NAC screens client devices for contamination by known malware and adherence to security policies such as running an approved OS with the most recent patches. Clients that fail NAC screens are rerouted to an isolated quarantine network until any detected problems are corrected. NAC data provides security teams with a detailed profile of a client’s state and activity. It can provide details into unauthorized device connections and be used to correlate users/IP to a physical network location. In the Common Information Model, NAC data is typically mapped to the Network Sessions data model

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: