Splunk® Security Analytics for AWS

User Manual


This product has been deprecated and will reach End of Life on January 19th, 2022.

Splunk Security Analytics for AWS is a customized version of Enterprise Security Cloud (ESC) that focuses on simplifying the integration points between Splunk and Amazon Web Services (AWS) or Microsoft 365 services to offer a cloud-security-focused introductory security information and event management (SIEM) solution. It is available to customers through an AWS Marketplace monthly subscription, and it streamlines the data collection process for AWS and Microsoft 365 data sources to detect malicious threats associated with user, asset (data, application, OS), and network activity.

The solution is for a company of any size that is looking for an easy-to-use security solution, specifically an AWS customer with an average of 20-50 AWS accounts that may or may not be created with an organizational unit (AWS calls this an OU) enabled.

Use this manual if you are a SOC Analyst who is looking to quickly onboard and use a security solution for AWS data, or a SOC Manager who is expecting a high-quality experience that meets security compliance needs while keeping costs down.

Last modified on 06 January, 2022

This documentation applies to the following versions of Splunk® Security Analytics for AWS: 1.0.0
