AWS | Security Hub | Splunk | Integrating AWS Security Hub with Splunk via Amazon Event Bridge

Описание: Amazon AWS provides various services helping an organization achieve its security controls and objectives. Still, there is always a requirement from the organization to collate the alerts from various security services and provide them in a single window or pane and Amazon AWS Service “Security Hub” emerged as a saviour.

Please find the below topics covered in this video

01:29 Visualizing Integration Data Flow
02:31 Amazon Event Bridge
03:48 Visualizing Amazon Event Bridge
05:14 Hands-On Steps
05:32 Hands-On - Understanding Security Hub and its Configuration
09:58 Hands-On - IAM Account and Policy Creation
13:25 Hands-On - Creation of “Rule” in Amazon EventBridge (formerly known as CloudWatch Events)
15:32 Hands-On -View created Cloud watch Log Groups
16:08 Hands-On - Enable Guard Duty and generate Sample findings
17:30: Hand-On - Install the Splunk Add-On “Splunk Add-On Amazon Web Services”
18:06 Hand-On - Configure the IAM account on Splunk Add -On
20:20 Hands-On - Configure the Input on Splunk Add-On
24:12 Hands-On - Demo - Creating a custom policy with resource restriction
27:58 Hands-On - Validating Security Hub logs in Splunk

****** WATCH OUT FOR THE BELOW SECTION FOR LINKS MENTIONED IN THE SESSION *****

AWS Doc - Introducing AWS Security Hub
https://aws.amazon.com/about-aws/what...
AWS Doc - AWS Cloud security products
https://aws.amazon.com/products/secur...
AWS Doc - Security Hub User Guide
https://docs.aws.amazon.com/securityh...

********** WATCH THIS SECTION FOR MY OTHER VIDEOS ***********

1. Launching AWS instance in AWS Console -    • AWS : How to Launch a Linux Instance  
2. Terraform Introduction and Installation -    • Launching AWS Instance using Terraform - P...  
3. Terraform code to set up basic infrastructure in AWS provider -    • Launching AWS Instance using Terraform - P...  
4. Terraform code to access the Instance using different methods -    • Launching AWS Instance using Terraform - P...  
5. SIEM SPLUNK | GuardDuty | AWS GuardDuty Integration with Splunk via AWS S3 Bucket -
   • SIEM SPLUNK | GuardDuty | AWS GuardDuty In...  
6. SPLUNK | SQS | EVENT BRIDGE | GuardDuty | Amazon SQS Queue to Onboard GuardDuty Findings to Splunk
   • SPLUNK | SQS | EVENT BRIDGE | GuardDuty | ...  
7. AWS | Security Hub | Introducing Security Hub | Single platform for all Cloud Security services
   • AWS | Security Hub | Introducing Security ...