Monitoring major Cloud Service Providers (CSPs)
Many businesses operate in multi-cloud environments, utilizing services from various Cloud Service Providers (CSPs) like AWS, Azure, and GCP. However, managing and optimizing these diverse cloud resources efficiently can be a challenge. Organizations often struggle with limited visibility into their cloud environments, need help identifying what needs to be monitored, and find it overwhelming to manage sprawling resources and associated billing costs.
How to use Splunk software for this use case
The Infosec Multicloud App is designed to address the most common security use cases, including continuous monitoring and security investigations. The new app was designed by our field team to help customers that have a cloud environment. In addition to views of security posture across cloud providers, the app includes a billing dashboard for a high-level overview of costs spread across your various cloud providers.
You can find guidance on how to install and configure the app here.
You can also access webinars from Splunk experts specific to particular CSPs to help you learn how to use this app.
- Multi-Cloud Monitoring Webinar – Amazon Web Services
- Multi-Cloud Monitoring Webinar – Azure
- Multi-Cloud Monitoring Webinar – Google Cloud Platform (GCP)
- Multi-Cloud Monitoring Webinar – Splunk Observability
Security Posture dashboard
The security posture dashboard is your landing page for the app and offers extensible visibility into your multicloud environment. It provides an at-a-glance view of alerts, failed authentications, blocked traffic, and changes that have occurred over the past 24 hours, represented both in overall counts and timecharts. It includes drill-down functionality to automatically navigate to detailed dashboards with additional information. For example, clicking on alerts within a panel opens the Cloud Alerts dashboard to provide additional context.
Changes dashboard
You can find the Changes dashboard under the Continuous Monitoring menu. Here, you can track changes made to your cloud environments in a single place. This dashboard helps you visualize the types of changes being made, their frequency, and the number of people accessing items such as identities or instances within all of your cloud environments.
Billing dashboard
This dashboard gives executives and people responsible for managing cloud costs a high-level overview of costs split by cloud providers and the services they offer. It features the ability to view current and projected costs by leveraging Splunk’s native AI capabilities through the predict command. It also includes a panel that shows costs broken down by department, which populates when you tie account or subscription IDs to departments via a lookup.
These are three of the many dashboards in the Infosec Multicloud app, which provide visibility for continuous monitoring, advanced threats, investigation, and health. Health is a quick assessment of the sources and source types collected, along with the acceleration status of the data models the app leverages.
Next steps
Need additional assistance with this app? Please reach out to your Account Team.