Splunk® App for AWS Security Dashboards

Installation and Configuration Manual

Lookups for the Splunk App for AWS Security Dashboards

The Splunk App for AWS Security Dashboards includes lookups that map data from AWS to support dashboard displays. The lookup files are located in $SPLUNK_HOME/etc/apps/splunk_app_aws_security/lookups.

Filename Description
aws_security_all_eventName.csv Maps IAM event names to an alert level and boolean for notable event status.
aws_security_insights.csv Maps the services (SGs,IAMs) to different severity levels based on service insights
aws_security_regions.csv Maps AWS region strings to latitude and longitude calculations and friendly names.
aws_security_sg_ports.csv Maps ports to risk based on their severity
aws_security_unauthorized_errorCode.csv Maps four variations on unauthorized error strings to a boolean value.
aws_security_well_known_ports.csv Maps name to port, protocol
Last modified on 14 August, 2024
Saved searches for the Splunk App for AWS Security Dashboards   Data models for the Splunk App for AWS Security Dashboards

This documentation applies to the following versions of Splunk® App for AWS Security Dashboards: 1.1.1, 1.1.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters