Splunk® Enterprise Security

Use Splunk Enterprise Security

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Network ACL Analytics in

Monitor your Amazon Web Services (AWS) network infrastructure for bad configurations and malicious activity. Investigative searches help you probe deeper, when the facts warrant it.

Network ACLs Dashboard

Use the Network ACLs Dashboard to monitor the network ACL activity in your AWS environment, including error events, the number of Network ACLs, activity over time, and the detailed list of error activities.

  1. From the menu bar, select Cloud Security.
  2. Click Network ACLs.

The Network Dashboard includes the following panels:

Panel Source Type Datamodel
Error Events aws:cloudtrail datamodel=Change.All_Changes

nodename=All_Changes.Network_Changes

Network ACL Actions aws:cloudtrail datamodel=Change.All_Changes

nodename=All_Changes.Network_Changes

Network ACL Activity Over Time aws:cloudtrail datamodel=Change.All_Changes

nodename=All_Changes.Network_Changes

Most Recent Network ACLs Activity aws:cloudtrail datamodel:"Change"."Network_Changes"
Network ACL Error Activity aws:cloudtrail datamodel:"Change"."Network_Changes"
Last modified on 19 January, 2022
User and Authentication Activity in   AWS Access Analyzer in

This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.1, 7.0.2, 7.1.0, 7.1.1, 7.1.2, 7.2.0, 7.3.0, 7.3.1, 7.3.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters