SIEM SPLUNK | GuardDuty | AWS GuardDuty Integration with Splunk via AWS S3 Bucket
Author: CyberSatrix
Uploaded: 2020-07-21
Views: 5224
Description:
Hello Everyone, In this tutorial, I have explained one of the ways through which AWS GuardDuty findings can be integrated with Splunk. Initially, the AWS GuardDuty findings are sent to an AWS S3 bucket which is encrypted using KMS (Key Management Service). Later, these findings are polled by Splunk from the S3 bucket with the help of the Splunk Add-On for AWS and an AWS IAM account. I have divided the process into the below steps, which have been explained clearly in this tutorial.
03:40 Step 1 - Create IAM Policy with required permissions
08:01 Step 2 - Create AWS IAM User
09:42 Step 3 - Create a KMS key for data encryption
11:55 Step 4 - Configure GuardDuty to export GuardDuty findings to a new S3 Bucket
18:15 Step 5 - Installing “Splunk Add-On for AWS” on Splunk Instance
20:31 Step 6 - Configure Account section in Splunk Add-On
22:46 Step 7 - Configure AWS Add-On Inputs
***** WATCH OUT FOR BELOW LINKS MENTIONED IN THE SESSION *****
Splunk Add-On for AWS
https://splunkbase.splunk.com/app/1876/
GuardDuty Findings List
https://docs.aws.amazon.com/guardduty...
Export GuardDuty Findings Configuration
https://docs.aws.amazon.com/guardduty...
********** WATCH THIS SECTION FOR MY OTHER VIDEOS ***********
1. Launching AWS instance in AWS Console - • AWS : How to Launch a Linux Instance
2. Terraform Introduction and Installation - • Launching AWS Instance using Terraform - P...
3. Terraform code to set up basic infrastructure in AWS provider - • Launching AWS Instance using Terraform - P...
4. Terraform code to access the Instance using different methods - • Launching AWS Instance using Terraform - P...