All Apps and Add-ons

AWS Addon - GET events not showing info they are GETting

vhale404
New Member

Splunk is populating with all of the logs from aws, but GET events like GetBucketPolicy, GetBucketAcls, etc. aren't populating with the information they are "GETting." Here's an example of what my queries look like:

 

requestParameters: {

     Host: Blah.us-east-1.amazonaws.com

     acl:

     bucketName: Blah

}

 

The SET events seem to have those fields filled out though. But all the GET ones have a blank in the requestParameters. I wasn't able to find anything on this in the docs for the addon.

Labels (1)
Tags (2)
0 Karma
Get Updates on the Splunk Community!

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...