We have Security Hub data centralized from all our accounts and have now connected Data Manager to that central account so we can get all Security Hub findings into Splunk Cloud. I have noticed that the data coming in has a basic parser but it isn't separating the different streams, i.e. GuardDuty, Config, etc. Is there a way to properly parse and tag all this data from the Security Hub feed so that it will populate all dashboards and data models etc.?