
 

Splunk Lantern

Monitoring major cloud service providers

 

Many businesses operate in multi-cloud environments, utilizing services from various Cloud Service Providers (CSPs) like AWS, Azure, and GCP. However, managing and optimizing these diverse cloud resources efficiently can be a challenge. Organizations often struggle with limited visibility into their cloud environments, need help identifying what needs to be monitored, and find it overwhelming to manage sprawling resources and associated billing costs.

How to use Splunk software for this use case

The Infosec Multicloud App is designed to address the most common security use cases, including continuous monitoring and security investigations. The new app was designed by our field team to help customers that have a cloud environment. In addition to views of security posture across cloud providers, the app includes a billing dashboard for a high-level overview of costs spread across your various cloud providers.

You can find guidance on how to install and configure the app here.

You can also access webinars from Splunk experts specific to particular CSPs to help you learn how to use this app.

Security Posture dashboard

The Security Posture dashboard is your landing page for the app and offers extensible visibility into your multicloud environment. It provides an at-a-glance view of alerts, failed authentications, blocked traffic, and changes that have occurred over the past 24 hours, represented both as overall counts and as timecharts. It includes drill-down functionality to automatically navigate to detailed dashboards with additional information. For example, clicking on alerts within a panel opens the Cloud Alerts dashboard to provide additional context.


Changes dashboard

You can find the Changes dashboard under the Continuous Monitoring menu. Here, you can track changes made to your cloud environments in a single place. This dashboard helps you visualize the types of changes being made, their frequency, and the number of people accessing items such as identities or instances within all of your cloud environments.


Billing dashboard

This dashboard gives executives and people responsible for managing cloud costs a high-level overview of costs split by cloud provider and by the services each provider offers. It lets you view current and projected costs by leveraging Splunk’s native AI capabilities through the predict command. It also includes a panel that shows costs broken down by department, which populates once you tie account or subscription IDs to departments via a lookup.


These are three of many dashboards in the Infosec Multicloud app, which provide visibility for continuous monitoring, advanced threats, investigation, and health. Health is a quick assessment of the sources and source types collected, along with the acceleration status of the data models the app leverages.

Next steps

Need additional assistance with this app? Please reach out to your Account Team.

Splunk OnDemand Services: Use these credit-based services for direct access to Splunk technical consultants with a variety of technical services from a pre-defined catalog. Most customers have OnDemand Services per their license support plan. Engage the ODS team at ondemand@splunk.com if you would like assistance.