We would like to bubble up alerts from Splunk to our alert management platform.
I see there are a couple of options, AWS SNS Topics, and a Webhook Alert.
With either of those there is a security issue, as it would require us to open an API or SNS Topic to the world.
What I would like is in the case of SNS, to know if there is an AWS Account or IP that I could restrict ingress? For the webhook I guess it could only be an IP restriction from the splunk hosts.
Also - if there is a better option / add-on available to increase security here I would be interested. I just haven't found anything other than "Observability Cloud" which we do not have a license for.