Federated Analytics and Splunk Enterprise Security

After you set up your Federated Analytics federated provider, you can combine your capability to search remote and natively ingested Amazon Security Lake datasets with the powerful threat detection and threat hunting features of Splunk Enterprise Security.

Use Federated Analytics with Splunk Enterprise Security to gain the following benefits:

• Unified visibility into your security operations center (SOC): Apply high-frequency detections and alerts to the Amazon Security Lake data that you ingest into your data lake indexes, while also running ad-hoc threat hunting federated searches over archives of older security data in its native ASL storage environment.
• Clever resource management: Fetch and analyze precisely the security data that you need to review from Amazon Security Lake and your data lake indexes on your Splunk Cloud Platform deployment, optimizing your Splunk Enterprise Security computational resources and focusing your efforts on high-value activities.
• Proactive incident tracking and resolution: Empower your organization to proactively detect, investigate, and respond to threats across all of your security data, wherever it is stored.

Configure Federated Analytics for Splunk Enterprise Security

Before Splunk Enterprise Security can take advantage of the benefits of Federated Analytics, you must follow a few steps to ensure that Splunk Enterprise Security and Federated Analytics can properly work together.

The instructions for facilitating the interface between Federated Analytics and Splunk Enterprise Security differ depending on the version of Splunk Enterprise Security you are using.

• If you use Splunk Enterprise Security 8.0 or higher, see Use Federated Analytics with Splunk Enterprise Security for threat detection in Amazon Security Lake (ASL) datasets in the Use Splunk Enterprise Security manual.
• If you use Splunk Enterprise Security 7.3.0, 7.3.1, or 7.3.2, see Use Federated Analytics with Splunk Enterprise Security for threat detection in Amazon Security Lake (ASL) datasets in the Use Splunk Enterprise Security manual for the relevant release version.