Splunk® App for AWS (Legacy)

Installation and Configuration Manual

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.

Add an Amazon Inspector input for the Splunk App for AWS

Create an Amazon Inspector input to gather Assessment Runs and Findings data from your AWS environment. The app displays this data on the Inspector dashboard and as a layer on your Topology dashboard.

Prerequisites

Before you can successfully configure an Amazon Inspector input, you need to:

1. Set up the Amazon Inspector service. See http://docs.aws.amazon.com/inspector/latest/userguide/inspector_settingup.html.

Note: This data source is only available in a subset of AWS regions, which does not currently include China or GovCloud. See the AWS documentation for a full list of supported regions: http://docs.aws.amazon.com/general/latest/gr/rande.html#inspector_region.

2. Make sure that the account friendly name you use to configure this input corresponds to an AWS Account Access Key ID or EC2 IAM role that has the necessary permissions to gather this data. If you have not already done this, see Configure your AWS permissions for the Splunk App for AWS in this manual.

Add a new Amazon Inspector input

1. In the app, click Configure in the app navigation bar.

2. Under Data Sources, in the Inspector box, click New input.

3. Select the friendly name of the AWS Account that you want to use to collect Amazon Inspector data. If you have not yet configured the account you need, click Add New Account to configure one now.

4. Enter one or more regions in the AWS Region box.

5. (Recommended) Configure a custom Index to override the default.

6. (Optional) Adjust the Interval for data collection in the Advanced Settings.

Once saved, the input begins collecting all assessment runs and findings data for the regions you selected. Collection starts immediately, and the add-on then checks for updates every 60 seconds by default.

Edit or delete an Inspector input

You can view, edit, or delete your existing Inspector inputs from the Inspector Inputs screen.

1. In the app, click Configure in the app navigation bar.

2. Under Data Sources, in the Inspector box, click the link that tells you how many inputs you currently have configured for Inspector.

3. The Inspector Inputs screen displays a list of Inspector inputs, organized by the name auto-assigned to the input.

4. From here, you can click the names to open the individual inputs to edit them, or delete an input by clicking the trash can icon.

Last modified on 13 May, 2016

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.2.0, 4.2.1, 5.0.0, 5.0.1, 5.0.2

