- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Team,
We actually want to send AWS Guard Duty logs to Splunk Cloud so what is the procedure to get it achieved since earlier we had an option i.e. Amazon GuardDuty Add-on for Splunk (https://splunkbase.splunk.com/app/3790) which is currently archived so do we have any add-on or app to collect the events and onboard the logs to Splunk.
So kindly help to check and update on the same.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It appears the the guardduty logs are collected via cloudwatch which this TA supports (https://splunkbase.splunk.com/app/1876), so this is most likely what you need.
I think the old TA's used ot be seperate and now they have been combined into this one TA.
See the different sourectypes - for you its aws:cloudwatchlogs:guardduty
https://docs.splunk.com/Documentation/AddOns/released/AWS/DataTypes
General info on thie TA
https://docs.splunk.com/Documentation/AddOns/released/AWS/Description
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It appears the the guardduty logs are collected via cloudwatch which this TA supports (https://splunkbase.splunk.com/app/1876), so this is most likely what you need.
I think the old TA's used ot be seperate and now they have been combined into this one TA.
See the different sourectypes - for you its aws:cloudwatchlogs:guardduty
https://docs.splunk.com/Documentation/AddOns/released/AWS/DataTypes
General info on thie TA
https://docs.splunk.com/Documentation/AddOns/released/AWS/Description
