Security Groups for your VPC in
Monitor security groups in your Amazon Web Services (AWS) environment so that you have visibility into your virtual firewalls and can manually detect any suspicious activity.
Security Group Dashboard
Use the Security Group Dashboard to monitor security group activity in the AWS environment, including error events, number of security groups and rules, any unused security groups, activity over time, and the detailed list of error activities.
The Security Groups and Security Group Rules panels are snapshots based on the AWS Lambda ingestion interval of three hours. If no events occur during that interval, your dashboards continue to show data based on the last snapshot from three hours ago. Also, if no events occur during the time you've chosen in the time range picker, such as one hour, your dashboards still show data based on the last snapshot from three hours ago. See Data Ingestion Mechanisms and Intervals in Data Manager in the Data Manager User Manual.
- From the menu bar, select Cloud Security.
- Click Security Groups.
The Security Group Dashboard includes the following panels:
|Security Group Rules||
|Security Group Actions||
|Security Group Activity Over Time||
|Most Recent Security Group Activity||
|Most Recent Authorize and Revoke Activity||
|Security Group Error Activity||
Filter your panel results
You can filter the results that you see in the dashboard panels.
|Account ID||Specify one or more of the data account IDs that you chose during onboarding.|
|Regions||Specify one or more of the data source regions that you chose during onboarding.|
|Status||Choose from the following statuses:
|Time Range||Define the time range of a search with the time range picker.|
Work with panel drilldown options
For further details, you can drill down into all the panels in your dashboards. Click a panel to display the drilldown options.
|Open in Search||Open a search bar in Splunk Web to see the SPL syntax for populating the panel with data. If applicable, these searches incorporate the |
|Open Events in Search||Open a search bar in Splunk Web to see the SPL syntax for viewing the top 100 raw events that are ingested. If applicable, these searches incorporate the |
|Export||Download a .png file of the panel results.|
|Refresh||Update the results of the panel.|
This documentation applies to the following versions of Splunk® Security Analytics for AWS: 1.0.0