Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

AWS GuardDuty Logs to Splunk Cloud

anandhalagaras1
Contributor
‎04-24-2024 04:10 AM

Hi Team,

 

We actually want to send AWS Guard Duty logs to Splunk Cloud so what is the procedure to get it achieved since earlier we had an option i.e. Amazon GuardDuty Add-on for Splunk (https://splunkbase.splunk.com/app/3790) which is currently archived so do we have any add-on or app to collect the events and onboard the logs to Splunk.

So kindly help to check and update on the same. 

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

deepakc
Builder
‎04-24-2024 04:23 AM

It appears the the guardduty logs are collected via cloudwatch which this TA supports (https://splunkbase.splunk.com/app/1876), so this is most likely what you need.

I think the old TA's used ot be seperate and now they have been combined into this one TA.

See the different sourectypes - for you its aws:cloudwatchlogs:guardduty
https://docs.splunk.com/Documentation/AddOns/released/AWS/DataTypes

General info on thie TA
https://docs.splunk.com/Documentation/AddOns/released/AWS/Description

View solution in original post

Reply
Solved! Jump to solution
Solution

deepakc
Builder
‎04-24-2024 04:23 AM

It appears the the guardduty logs are collected via cloudwatch which this TA supports (https://splunkbase.splunk.com/app/1876), so this is most likely what you need.

I think the old TA's used ot be seperate and now they have been combined into this one TA.

See the different sourectypes - for you its aws:cloudwatchlogs:guardduty
https://docs.splunk.com/Documentation/AddOns/released/AWS/DataTypes

General info on thie TA
https://docs.splunk.com/Documentation/AddOns/released/AWS/Description

Reply
Get Updates on the Splunk Community!

Buttercup Games Tutorial Extension - part 9

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games Tutorial Extension - part 8

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Introducing the Splunk Developer Program!

Hey Splunk community! We are excited to announce that Splunk is launching the Splunk Developer Program in ...
Top