├── .gitignore ├── CloudWatchEvents-Firehose-Resources ├── sourceToSplunk.yml └── splunkDashboard.json ├── CloudWatchLogs-Firehose-Resources ├── cwlToSplunk.yml ├── lambda.py ├── splunkDashboard.json └── tests.py ├── CloudWatchMetrics-Firehose-Resources ├── cwMetricsToSplunk.yml ├── lambda.py ├── splunkDashboard-event.json ├── splunkDashboard-metric.json └── tests.py ├── LICENSE ├── S3-SQS-Lambda-Firehose-Resources ├── billingCURToS3.yml ├── cloudTrailToS3.yml ├── eventsInS3ToSplunk.yml ├── lambda.py ├── route53QueryLogsToS3.yml ├── sampleElbToS3.yml ├── splunkDashboard.json ├── ta_route53 │ ├── README │ ├── default │ │ ├── app.conf │ │ ├── props.conf │ │ └── transforms.conf │ ├── metadata │ │ └── default.meta │ └── static │ │ ├── appIcon.png │ │ ├── appIconAlt.png │ │ ├── appIconAlt_2x.png │ │ └── appIcon_2x.png ├── test-fixtures │ ├── sample-cloudtrail.json.gz │ ├── sample-route53Resolver.log.gz │ ├── sample-s3ServerAccess │ ├── sample-vpcflow.log.gz │ ├── testFile1.log │ ├── testFile1.log.gz │ └── testdir │ │ └── 123 │ │ ├── testFile2.log │ │ └── testFile2.log.gz ├── tests.py └── vpcFlowLogToS3.yml ├── Single Account CloudFormation ├── cloudTrail.yml ├── guardDuty.yml ├── iamAccessAnalyzer.yml ├── scdm-s3-pull.yml └── securityHub.yml ├── VPCFlowLogs-Firehose-Resources ├── kdfToSplunk.yml ├── splunkDashboard.json └── vpcFlowLogsToKDF.yml └── readme.md /.gitignore: -------------------------------------------------------------------------------- 1 | *.DS_Store 2 | *__pycache__* 3 | -------------------------------------------------------------------------------- /CloudWatchEvents-Firehose-Resources/sourceToSplunk.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/CloudWatchEvents-Firehose-Resources/sourceToSplunk.yml -------------------------------------------------------------------------------- /CloudWatchEvents-Firehose-Resources/splunkDashboard.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/CloudWatchEvents-Firehose-Resources/splunkDashboard.json -------------------------------------------------------------------------------- /CloudWatchLogs-Firehose-Resources/cwlToSplunk.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/CloudWatchLogs-Firehose-Resources/cwlToSplunk.yml -------------------------------------------------------------------------------- /CloudWatchLogs-Firehose-Resources/lambda.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/CloudWatchLogs-Firehose-Resources/lambda.py -------------------------------------------------------------------------------- /CloudWatchLogs-Firehose-Resources/splunkDashboard.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/CloudWatchLogs-Firehose-Resources/splunkDashboard.json -------------------------------------------------------------------------------- /CloudWatchLogs-Firehose-Resources/tests.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/CloudWatchLogs-Firehose-Resources/tests.py -------------------------------------------------------------------------------- /CloudWatchMetrics-Firehose-Resources/cwMetricsToSplunk.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/CloudWatchMetrics-Firehose-Resources/cwMetricsToSplunk.yml -------------------------------------------------------------------------------- /CloudWatchMetrics-Firehose-Resources/lambda.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/CloudWatchMetrics-Firehose-Resources/lambda.py -------------------------------------------------------------------------------- /CloudWatchMetrics-Firehose-Resources/splunkDashboard-event.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/CloudWatchMetrics-Firehose-Resources/splunkDashboard-event.json -------------------------------------------------------------------------------- /CloudWatchMetrics-Firehose-Resources/splunkDashboard-metric.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/CloudWatchMetrics-Firehose-Resources/splunkDashboard-metric.json -------------------------------------------------------------------------------- /CloudWatchMetrics-Firehose-Resources/tests.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/CloudWatchMetrics-Firehose-Resources/tests.py -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/LICENSE -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/billingCURToS3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/billingCURToS3.yml -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/cloudTrailToS3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/cloudTrailToS3.yml -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/eventsInS3ToSplunk.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/eventsInS3ToSplunk.yml -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/lambda.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/lambda.py -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/route53QueryLogsToS3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/route53QueryLogsToS3.yml -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/sampleElbToS3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/sampleElbToS3.yml -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/splunkDashboard.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/splunkDashboard.json -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/ta_route53/README: -------------------------------------------------------------------------------- 1 | App for props/transforms with AWS Route53 query logs -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/ta_route53/default/app.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/ta_route53/default/app.conf -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/ta_route53/default/props.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/ta_route53/default/props.conf -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/ta_route53/default/transforms.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/ta_route53/default/transforms.conf -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/ta_route53/metadata/default.meta: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/ta_route53/metadata/default.meta -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/ta_route53/static/appIcon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/ta_route53/static/appIcon.png -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/ta_route53/static/appIconAlt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/ta_route53/static/appIconAlt.png -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/ta_route53/static/appIconAlt_2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/ta_route53/static/appIconAlt_2x.png -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/ta_route53/static/appIcon_2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/ta_route53/static/appIcon_2x.png -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/test-fixtures/sample-cloudtrail.json.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/test-fixtures/sample-cloudtrail.json.gz -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/test-fixtures/sample-route53Resolver.log.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/test-fixtures/sample-route53Resolver.log.gz -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/test-fixtures/sample-s3ServerAccess: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/test-fixtures/sample-s3ServerAccess -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/test-fixtures/sample-vpcflow.log.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/test-fixtures/sample-vpcflow.log.gz -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/test-fixtures/testFile1.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/test-fixtures/testFile1.log -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/test-fixtures/testFile1.log.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/test-fixtures/testFile1.log.gz -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/test-fixtures/testdir/123/testFile2.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/test-fixtures/testdir/123/testFile2.log -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/test-fixtures/testdir/123/testFile2.log.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/test-fixtures/testdir/123/testFile2.log.gz -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/tests.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/tests.py -------------------------------------------------------------------------------- /S3-SQS-Lambda-Firehose-Resources/vpcFlowLogToS3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/S3-SQS-Lambda-Firehose-Resources/vpcFlowLogToS3.yml -------------------------------------------------------------------------------- /Single Account CloudFormation/cloudTrail.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/Single Account CloudFormation/cloudTrail.yml -------------------------------------------------------------------------------- /Single Account CloudFormation/guardDuty.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/Single Account CloudFormation/guardDuty.yml -------------------------------------------------------------------------------- /Single Account CloudFormation/iamAccessAnalyzer.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/Single Account CloudFormation/iamAccessAnalyzer.yml -------------------------------------------------------------------------------- /Single Account CloudFormation/scdm-s3-pull.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/Single Account CloudFormation/scdm-s3-pull.yml -------------------------------------------------------------------------------- /Single Account CloudFormation/securityHub.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/Single Account CloudFormation/securityHub.yml -------------------------------------------------------------------------------- /VPCFlowLogs-Firehose-Resources/kdfToSplunk.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/VPCFlowLogs-Firehose-Resources/kdfToSplunk.yml -------------------------------------------------------------------------------- /VPCFlowLogs-Firehose-Resources/splunkDashboard.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/VPCFlowLogs-Firehose-Resources/splunkDashboard.json -------------------------------------------------------------------------------- /VPCFlowLogs-Firehose-Resources/vpcFlowLogsToKDF.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/VPCFlowLogs-Firehose-Resources/vpcFlowLogsToKDF.yml -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-aws-gdi-toolkit/HEAD/readme.md --------------------------------------------------------------------------------