- Community
- :
- Splunk Answers
- :
- Splunk Premium Solutions
- :
- Security Premium Solutions
- :
- Splunk Enterprise Security
- :
- Re: AWS LOGS for SIEM
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi All, I am getting below AWS logs from customer but below logs are taking more than 50 % of license, so please could you find the below AWS sourcetype details and let me know which are required for security perspective ?
aws:cloudtrail
aws:cloudwatchlogs:vpcflow
aws:config
aws:config:notification
aws:config:rule
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
hi @vikkysplunk
please check this blog for the security use-cases, it is awesome!
this page is for the guardduty use-cases
https://www.chrisfarris.com/post/reinforce-threat-hunting/
and this link is for the cloudtrail
https://www.chrisfarris.com/post/reinvent2019-sec339/
confirmation solution or karma given is appreciated
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
hi @vikkysplunk
The sourcetype for the security content in AWS are:
aws:cloudtrail
aws:cloudwatchlogs:vpcflow
aws:config:rule
Also I suggest guardduty logs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi, thanks for the below details..pls could you let me know have you created any use cases fir aws logs.. if yes please can you provide me that use case details.
thanks in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
hi @vikkysplunk
please check this blog for the security use-cases, it is awesome!
this page is for the guardduty use-cases
https://www.chrisfarris.com/post/reinforce-threat-hunting/
and this link is for the cloudtrail
https://www.chrisfarris.com/post/reinvent2019-sec339/
confirmation solution or karma given is appreciated
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hello @aasabatini
Thanks for the below use case details and same way do you have any document for aws:cloudwatchlogs:vpcflow?
Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.
Earn $50 in Amazon cash!
Full Details! >
