Security

How to ingest AWS Inspector logs into Splunk Cloud?

yr
Loves-to-Learn Everything

Hi 

We have Victoria Splunk Cloud for our Splunk environment and AWS cloud for our Linux environment.

We have deployed Splunk using Splunk Cloud and would like to ingest the Inspector logs into Splunk.

If anyone can share tips, it would be appreciated.

Thanks

Yogesh Raj

Switchfly

0 Karma

gcusello
SplunkTrust

Hi @yr,

First, you should check whether AWS Inspector logs are included in your AWS subscription.

Then you can use Data Manager or the Splunk Add-On for AWS (https://splunkbase.splunk.com/app/1876).

Here you can find detailed instructions for using the latter Add-On: https://docs.splunk.com/Documentation/AddOns/released/AWS/Inspector

Ciao.

Giuseppe

0 Karma

yr
Loves-to-Learn Everything

Hi 

Please find my response.

First, you should check whether AWS Inspector logs are included in your AWS subscription.

===> How do I confirm that? Any document link or tips, please?

Then you can use Data Manager or the Splunk Add-On for AWS (https://splunkbase.splunk.com/app/1876).

===> We have the Splunk Add-On for AWS installed. Is that enough to move on?

Here you can find detailed instructions for using the latter Add-On: https://docs.splunk.com/Documentation/AddOns/released/AWS/Inspector

===> Once the above is revealed, we can follow the instructions.

Again, thank you so much.

Yogesh

Switchfly

0 Karma

gcusello
SplunkTrust

Hi @yr,

About my first question: you have to verify in your AWS subscription which services you have enabled. I suppose that you could check this in your AWS console or by asking your AWS Sales Representative.

Data Manager is a very easy interface to ingest Cloud data, but if you don't have it, you can use the Splunk Add-On for AWS.

About the instructions, I gave you the link for using the above Add-On.

At this URL, you can find how to configure the AWS instance and the Splunk Add-On.

Ciao.

Giuseppe

 

0 Karma

yr
Loves-to-Learn Everything

Hello,

Thank you for your quick reply.

Yes, we have already enabled AWS Inspector v2 in our AWS cloud, and we see vulnerability notifications from Inspector for all instances, ECRs and services.

We have also installed the Splunk Add-On for AWS.

Please share the link to configure and ingest Inspector data/logs into Splunk.

Thank you

 

0 Karma

gcusello
SplunkTrust
0 Karma