Amazon
Amazon Web Services provides on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis. These cloud computing web services provide various services related to networking, compute, storage, middleware, IOT, and other processing capacity, as well as software tools via AWS server farms. This frees clients from managing, scaling, and patching hardware and operating systems, and provides a way of obtaining large-scale computing capacity more quickly and cheaply than building an actual physical server farm.
Getting data in
Source | Add-ons and Apps | Guidance |
---|---|---|
AWS |
Splunk platform Splunk Enterprise Security Splunk SOAR |
Configuration
Use Cases |
CloudTrail |
Splunk SOAR |
CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. You can use it to log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. In the Common Information Model, CloudTrail log data is typically mapped to the Authentication and Change data models. CloudTrail data provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. It increases visibility into your user and resource activity by recording AWS Management Console actions and API calls so you can detect unusual activity. Configuration
Use cases |
CloudWatch |
Splunk platform |
CloudWatch is a service that provides data and actionable insights for AWS, hybrid, and on-premises applications and infrastructure resources. CloudWatch enables you to monitor your complete stack and leverage alarms, logs, and events data to take automated actions and reduce Mean Time to Resolution (MTTR). CloudWatch collects, aggregates, and summarizes compute utilization information like CPU, memory, disk, and network data, as well as diagnostic information like container restart failures, to help DevOps engineers isolate issues and resolve them quickly. CloudWatch gives you actionable insights that help you optimize application performance, manage resource utilization, and understand system-wide operational health. It allows you to perform historical analysis for cost optimization and derive real-time insights into optimizing applications and infrastructure resources. Configuration Use Case |
Elastic Kubernetes Service (EKS) |
Splunk Observability Cloud |
Amazon Elastic Kubernetes Service (Amazon EKS) is a managed container service to run and scale Kubernetes applications in the cloud or on-premises. Configuration Splunk Resources |
Identity and Access Management (IAM) |
Splunk SOAR |
AWS Identity and Access Management (IAM) provides fine-grained access control across all of AWS. With IAM, you can specify who can access which services and resources, and under which conditions. With IAM policies, you manage permissions to your workforce and systems to ensure least-privilege permissions. Use Cases |
Lambda |
Splunk SOAR |
Lambda is a compute service that lets you run code without provisioning or managing servers. Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging. Configuration
Use Cases |
VPC Flow |
|
VPC Flow logs contain a comprehensive record of network traffic in and out of your AWS environment. By default, the record includes values for the different components of the IP flow, including the source, destination, and protocol. They are often used for troubleshooting connectivity issues across your VPCs, intrusion detection, or anomaly detection. In the Common Information Model, VPC flow log data is typically mapped to the Network Traffic Data model. Use Cases |
Kinesis Firehose |
Splunk platform |
Configuration |
Elastic Cloud Compute |
Splunk SOAR |
Use Cases |
Simple Storage Service (S3) |
Splunk SOAR |
Use Cases
|
Web Application Firewall |
Splunk platform Splunk SOAR |
|
Security Token Service |
Splunk SOAR |
|
Security Hub |
Splunk SOAR |
Use Cases |