Currently we are ingesting a large amount of AWS VPC FlowLogs into Splunk, and I am wondering if there is any use for them?
Maybe someone can suggest some use cases for them?
@robertisimos As an initial step you could install Splunk Security Essentials (Splunk Security Essentials | Splunkbase) and check out the security use cases for AWS VPC FlowLogs.
We actually have ES and there is nothing useful regarding VPC flow logs. 😞