Splunk integrates with AWS Security Hub to accelerate detection, investigation and response

Splunk Inc. announced on Wednesday integrations with the newly launched Amazon Web Services (AWS) Security Hub. AWS Security Hub provides a comprehensive view to manage security alerts and automate compliance checks for AWS customers. Splunk Enterprise and Splunk Phantom integrations with the AWS Security Hub are designed to help customers further accelerate detection, investigation and response to potential threats within their AWS security environment.

Splunk can also leverage Amazon CloudWatch Events to provide customers with data directly from AWS Security Hub. From there, Splunk can monitor and identify potential threats across AWS Security products like Amazon GuardDuty, Amazon Inspector, and Amazon Macie directly in the Splunk platform.

Additionally, the Splunk integration enables serverless automation to gather findings from AWS Security Hub sending them to a HTTP Event Collector in the Splunk platform. With the Splunk Phantom App for AWS Security Hub, findings can be sent to Phantom for automated context enrichment with additional threat intelligence information or to perform automated response actions. By adding broader context to findings, security teams can make well-informed decisions and take action quickly.

To further expand the Splunk security solutions available for AWS customers, a Splunk Phantom AMI is now available on AWS Marketplace. Splunk Phantom makes it simple and straightforward to automate, orchestrate and respond to threats within AWS environments. AWS customers can launch the Splunk Phantom AMI on the AWS Marketplace.

“As organizations continue to migrate to the cloud, data is dispersed across various teams that need to ensure that they are monitoring and analyzing it in order to detect potential threats and respond to them quickly,” said Haiyan Song, senior vice president and general manager of security markets, Splunk. “Splunk’s support for AWS Security Hub allows our customers to take an analytics-driven approach to security, and to scale their security operations through automation and orchestration capabilities.”

“Today’s security teams are not only tasked with preventing security breaches and responding to potential threats, but they also need to be aware of the latest rules and regulations that allow their organizations to operate effectively and be in compliance,” said Dan Plastina, Vice President, Security and Services, Amazon Web Services. “We are working with Splunk to allow our customers to continue AWS Security Hub investigations in the Splunk platform and to initiate their Splunk Phantom automation playbooks.”


IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.