How to ingest AWS Inspector logs into Splunk Cloud?

yr
Loves-to-Learn Everything

Hi 

We have Victoria Splunk Cloud for our Splunk environment and AWS cloud for our Linux environment.

We have deployed Splunk using Splunk Cloud and would like to ingest the Inspector logs into Splunk.

If anyone can share tips, it would be appreciated.

Thanks

Yogesh Raj

Switchfly


gcusello
SplunkTrust

Hi @yr,

First, you should check whether AWS Inspector logs are included in your AWS subscription.

Then you can use Data Manager or the Splunk Add-On for AWS (https://splunkbase.splunk.com/app/1876).

Here you can find detailed instructions for using the latter Add-On: https://docs.splunk.com/Documentation/AddOns/released/AWS/Inspector

Ciao.

Giuseppe


yr
Loves-to-Learn Everything

Hi 

Please find my response.

First, you should check whether AWS Inspector logs are included in your AWS subscription.

===> How do I confirm that? A document link or tips, please?

Then you can use Data Manager or the Splunk Add-On for AWS (https://splunkbase.splunk.com/app/1876).

===> We have the Splunk Add-On for AWS installed. Is that enough to move on?

Here you can find detailed instructions for using the latter Add-On: https://docs.splunk.com/Documentation/AddOns/released/AWS/Inspector

==> Once the above is clear, we can follow the instructions.

Again, thank you so much.

Yogesh

Switchfly


gcusello
SplunkTrust

Hi @yr,

About my first question: you have to verify in your AWS subscription which services you have enabled. I suppose you could check this in your AWS console or by asking your AWS Sales Representative.

Data Manager is a very easy interface for ingesting Cloud data, but if you don't have it, you can use the Splunk Add-On for AWS.

About the instructions, I gave you the link for using the above Add-On.

At this URL, you can find how to configure the AWS instance and the Splunk Add-On.

Ciao.

Giuseppe

 


yr
Loves-to-Learn Everything

Hello,

Thank you for your quick reply.

Yes, we have already enabled AWS Inspector v2 in our AWS cloud, and we see vulnerability notifications from Inspector for all instances, ECRs and services.

We have also installed the Splunk Add-On for AWS.

Please share the link to configure and ingest Inspector data/logs into Splunk.

Thank you

 
