The AWS GuardDuty app from Splunk is not pulling in S3 details, which are normally included in GuardDuty alerts. Normally, there would be a section for S3 details when it is part of an AWS GuardDuty finding. AWS documentation can be seen here: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings-summary.html. Wanted to see if anyone else is experiencing this same issue. This occurs with on-poll/ingestion or if using the action to go get the findings.