All Apps and Add-ons

[AWS Trumpet] Kinesis Firehose (no Public IP Address)

willadams
Contributor

We have our SPLUNK instance in a private AWS VPC.  We also have a separate HEC cluster in a private AWS VPC (logical separation).  I need to collect AWS Security Hub events into my HEC but reading through the notes, it indicates that I need to use Project Trumpet which will in turn use Kinesis Firehose.  Kinesis Firehose requires a public IP which is something that we don't want to do (we have been using older methods for pulling GuardDuty in for example).  Is there a way to use Trumpet and collect the same logs without having to expose the HEC to the internet (I know this can be segregated by way of Security Groups etc.) but I am trying to find a solution so that I don' t have to do this.  

Labels (3)
0 Karma
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...