This product has been deprecated and will reach End of Life on January 19th, 2022.
Splunk Security Analytics for AWS is a customized version of Enterprise Security Cloud (ESC) that focuses on simplifying the integration points between Splunk and Amazon Web Services (AWS) or Microsoft 365 services to offer a cloud-security-focused introductory security information and event management (SIEM) solution. Splunk Security Analytics for AWS is available to customers through an AWS Marketplace monthly subscription, and streamlines the data collection process for AWS and Microsoft 365 data sources to detect malicious threats associated with user, asset (data, application, OS), and network activity.
The solution is for a company of any size that is looking for an easy-to-use security solution. It is aimed specifically at an AWS customer with an average of 20-50 AWS accounts, which may or may not have been created with an organizational unit (AWS calls this an OU) enabled.
Use this manual if you are a SOC Analyst who is looking to quickly onboard and use a security solution for AWS data, or if you are a SOC Manager who expects a high-quality experience that meets security compliance needs while keeping costs down.
This documentation applies to the following versions of Splunk® Security Analytics for AWS: 1.0.0