Splunk® App for AWS Security Dashboards

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk® App for AWS Security Dashboards. For documentation on the most recent version, go to the latest release.

System requirements for the Splunk App for AWS Security Dashboards

Because this app runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this app.

Splunk platform requirements

The Splunk App for AWS Security Dashboards runs on the following Splunk platforms:

  • Splunk Cloud Platform 8.1.x and 8.2.x
  • Splunk Enterprise 8.1.x, 8.2.x, and 9.0

If you plan to run this app in Splunk Cloud Platform only, there are no additional requirements.

  • If you plan to manage on-premises heavy forwarders to get data in to Splunk Cloud Platform, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.
  • If you plan to run this app in an on-premises deployment of the Splunk platform, see System Requirements in the Splunk Enterprise Installation Manual.
  • If you plan to run this app in a self-managed AWS instance, there are no additional requirements. See Reference hardware in the Splunk Enterprise Capacity Planning Manual for sizing considerations specific to AWS.

Splunk Add-on for Amazon Web Services compatibility

The Splunk App for AWS Security Dashboards relies on the Splunk Add-on for Amazon Web Services version 5.0.4 or later. Both the add-on and the app need to be installed for the app to function.

For information about installing the Splunk Add-on for AWS, see Installation overview for the Splunk Add-on for AWS in the Splunk Add-on for AWS manual. Use the add-on setup and configuration user interface to link to your AWS account and configure data collection.

The following table describes Splunk Add-on for Amazon Web Services version compatibility with the supported versions of Splunk Enterprise:

Splunk version Compatible Add-on version
8.1.x Python 3 5.0.4, 5.1.0, 5.2.0
8.2.x, 9.x 5.0.4, 5.1.0, 5.2.0

The Addon Metadata - Summarize AWS Inputs saved search is included in the Splunk Add-on for AWS and is disabled by default, but it is recommended that you enable this saved search on the add-on side. The saved search is used to aggregate inputs data into the summary index.

AWS region limitations

The Splunk Add-on for AWS Security supports all regions offered by AWS.

If you are in the AWS China region, the add-on only supports the services that AWS supports in that region. The China region does not support Config Rules, Inspector, CloudWatch Logs, or CloudFront services, nor does it offer CloudWatch metrics for ELB logs. For an up-to-date list of what products and services are supported in this region, see http://www.amazonaws.cn/en/products/.

If you are in the AWS GovCloud region, the add-on only supports the services that AWS supports in that region. The GovCloud region does not support Config Rules or Inspector at this time. For an up-to-date list of what services and endpoints are supported in this region, see the AWS documentation: about Services in AWS GovCloud (US) Regions - AWS GovCloud (US) at https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-services.html.

Last modified on 15 June, 2022
About the Splunk App for AWS Security Dashboards   Installing the app on Splunk Cloud Platform

This documentation applies to the following versions of Splunk® App for AWS Security Dashboards: 1.0.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters