System requirements for the Splunk App for AWS Security Dashboards
Because this app runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this app.
Splunk platform requirements
The Splunk App for AWS Security Dashboards runs on the following Splunk platforms:
- Splunk Cloud Platform 8.1.x and 8.2.x
- Splunk Enterprise 8.1.x, 8.2.x, and 9.0
If you plan to run this app in Splunk Cloud Platform only, there are no additional requirements.
- If you plan to manage on-premises heavy forwarders to get data in to Splunk Cloud Platform, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.
- If you plan to run this app in an on-premises deployment of the Splunk platform, see System Requirements in the Splunk Enterprise Installation Manual.
- If you plan to run this app in a self-managed AWS instance, there are no additional requirements. See Reference hardware in the Splunk Enterprise Capacity Planning Manual for sizing considerations specific to AWS.
Splunk Add-on for Amazon Web Services compatibility
The Splunk App for AWS Security Dashboards relies on the Splunk Add-on for Amazon Web Services version 5.0.4 or later. Both the add-on and the app need to be installed for the app to function.
For information about installing the Splunk Add-on for AWS, see Installation overview for the Splunk Add-on for AWS in the Splunk Add-on for AWS manual. Use the add-on setup and configuration user interface to link to your AWS account and configure data collection.
The following table describes Splunk Add-on for Amazon Web Services version compatibility with the supported versions of Splunk Enterprise:
Splunk version | Compatible Add-on version |
---|---|
8.1.x Python 3 | 5.0.4, 5.1.0, 5.2.0 |
8.2.x, 9.x | 5.0.4, 5.1.0, 5.2.0 |
The Addon Metadata - Summarize AWS Inputs
saved search is included in the Splunk Add-on for AWS and is disabled by default, but it is recommended that you enable this saved search on the add-on side. The saved search is used to aggregate inputs data into the summary index.
AWS region limitations
The Splunk Add-on for AWS Security supports all regions offered by AWS.
If you are in the AWS China region, the add-on only supports the services that AWS supports in that region. The China region does not support Config Rules, Inspector, CloudWatch Logs, or CloudFront services, nor does it offer CloudWatch metrics for ELB logs. For an up-to-date list of what products and services are supported in this region, see http://www.amazonaws.cn/en/products/.
If you are in the AWS GovCloud region, the add-on only supports the services that AWS supports in that region. The GovCloud region does not support Config Rules or Inspector at this time. For an up-to-date list of what services and endpoints are supported in this region, see the AWS documentation: about Services in AWS GovCloud (US) Regions - AWS GovCloud (US) at https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-services.html.
About the Splunk App for AWS Security Dashboards | Installing the app on Splunk Cloud Platform |
This documentation applies to the following versions of Splunk® App for AWS Security Dashboards: 1.0.0
Feedback submitted, thanks!