User and Authentication Activity in
Monitor your Amazon Web Services (AWS) user activity to uncover suspicious behaviors that may be associated with malicious activity, such as activity spikes or unusual events.
Use the IAM Activity Dashboard
Use the IAM Activity Dashboard to monitor user activity in your environment, including the error events, which users have the most activity, activity over time, and the detailed list of error activities.
- From the menu bar, select Cloud Security.
- Click IAM Activity.
The IAM Activity Dashboard includes the following panels:
|Activity by User||
|IAM Actions Over Time||
|Success vs. Failure Activity||
|Most Recent IAM Activity||
|IAM Error Activity||
Take action on user and authentication activity spikes or unusual events. See Overview of securing your cloud environment in Splunk Security Analytics for AWS.
Filter your panel results
You can filter the results that you see in the dashboard panels.
|Account ID||Specify one or more of the data account IDs that you chose during onboarding.|
|Regions||Specify one or more of the data source regions that you chose during onboarding.|
|Status||Choose from the following statuses:
|Action||Choose from the following actions:
|Time Range||Define the time range of a search with the time range picker.|
Work with panel drilldown options
For further details, you can drill down into all the panels in your dashboards. Click on a panel to see the drilldown options appear.
|Open in Search||Open a search bar in Splunk Web to see the SPL syntax for populating the panel with data. If applicable, these searches incorporate the |
|Open Events in Search||Open a search bar in Splunk Web to see the SPL syntax for viewing the top 100 raw events that are ingested. If applicable, these searches incorporate the |
|Export||Download a .png file of the panel results.|
|Refresh||Update the results of the panel.|
Security Groups for your VPC in
Network ACL Analytics in
This documentation applies to the following versions of Splunk® Security Analytics for AWS: 1.0.0