SIEM SPLUNK | GuardDuty | AWS GuardDuty Integration with Splunk via AWS S3 Bucket
Hello everyone. In this tutorial, I have explained one of the ways in which AWS GuardDuty findings can be integrated with Splunk. Initially, the AWS GuardDuty findings are sent to an AWS S3 bucket, which is encrypted using KMS (Key Management Service). Later, these findings are polled by Splunk from the S3 bucket with the help of the Splunk Add-On for AWS and an AWS IAM account. I have divided the process into the steps below, which are explained clearly in this tutorial.

03:40 Step 1 - Create IAM Policy with required permissions
08:01 Step 2 - Create AWS IAM User
09:42 Step 3 - Create a KMS key for data encryption
11:55 Step 4 - Configure GuardDuty to export GuardDuty findings to a new S3 Bucket
18:15 Step 5 - Installing “Splunk Add-On for AWS” on Splunk Instance
20:31 Step 6 - Configure Account section in Splunk Add-On
22:46 Step 7 - Configure AWS Add-On Inputs

Links mentioned in the session:
Splunk Add-On for AWS https://splunkbase.splunk.com/app/1876/
GuardDuty Findings List https://docs.aws.amazon.com/guardduty...
Export GuardDuty Findings Configuration https://docs.aws.amazon.com/guardduty...

My other videos:
1. Launching AWS instance in AWS Console - AWS : How to Launch a Linux Instance
2. Terraform Introduction and Installation - Launching AWS Instance using Terraform - P...
3. Terraform code to set up basic infrastructure in AWS provider - Launching AWS Instance using Terraform - P...
4. Terraform code to access the Instance using different methods - Launching AWS Instance using Terraform - P...
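Step 1 decides how much the Splunk polling user can do if its access key leaks. The following is an added example, not taken from the video: it builds a read-only policy scoped to the findings bucket and the KMS key, then audits any policy document for wildcards or out-of-scope resources. The bucket name, key ARN, function names and the exact action set are assumptions; the add-on's documentation lists what a given input type requires.

```python
import json

# Constructed placeholders, not values from the tutorial.
BUCKET = "example-guardduty-findings"
KMS_KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"

def build_reader_policy(bucket, kms_key_arn):
    """Read-only policy for the IAM user Splunk polls with (assumed action set)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListFindingsBucket", "Effect": "Allow",
             "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "ReadFindingsObjects", "Effect": "Allow",
             "Action": ["s3:GetObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
            {"Sid": "DecryptFindings", "Effect": "Allow",
             "Action": ["kms:Decrypt"],
             "Resource": kms_key_arn},
        ],
    }

def _as_list(value):
    # IAM allows a single string where a list is expected.
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket, kms_key_arn):
    """Return findings for Allow statements broader than the reader needs."""
    allowed_resources = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*", kms_key_arn}
    read_only = {"s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject", "kms:Decrypt"}
    problems = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                problems.append(f"{sid}: wildcard action {action}")
            elif action not in read_only:
                problems.append(f"{sid}: action {action} not needed for polling")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in allowed_resources:
                problems.append(f"{sid}: resource {resource} outside bucket/key")
    return problems

if __name__ == "__main__":
    demo = build_reader_policy(BUCKET, KMS_KEY_ARN)
    print(json.dumps(demo, indent=2), audit_policy(demo, BUCKET, KMS_KEY_ARN), sep="\n")
```

An empty list from audit_policy means every Allow statement stays within the findings bucket and its key.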


