Lookups for the Splunk App for AWS Security Dashboards
The Splunk App for AWS Security Dashboards includes lookups that map data from AWS to support dashboard displays. The lookup files are located in $SPLUNK_HOME/etc/apps/splunk_app_aws_security/lookups.
Filename | Description |
---|---|
aws_security_all_eventName.csv | Maps IAM event names to an alert level and boolean for notable event status. |
aws_security_insights.csv | Maps the services (SGs,IAMs) to different severity levels based on service insights |
aws_security_regions.csv | Maps AWS region strings to latitude and longitude calculations and friendly names. |
aws_security_sg_ports.csv | Maps ports to risk based on their severity |
aws_security_unauthorized_errorCode.csv | Maps four variations on unauthorized error strings to a boolean value. |
aws_security_well_known_ports.csv | Maps name to port, protocol
|
Saved searches for the Splunk App for AWS Security Dashboards | Data models for the Splunk App for AWS Security Dashboards |
This documentation applies to the following versions of Splunk® App for AWS Security Dashboards: 1.1.1, 1.1.2
Feedback submitted, thanks!