Detect Spike In AWS Security Hub Alerts For EC2 Instance
This search looks for a spike in the number of AWS Security Hub alerts for an EC2 instance in 4-hour intervals.
Detect Spike In AWS Security Hub Alerts For EC2 Instance Help
You must install the AWS App for Splunk (version 5.1.0 or later) and the Splunk Add-on for AWS (version 4.4.0 or later), then configure your Security Hub inputs. The threshold_value should be tuned to your environment, and these searches should be scheduled according to the bucket span interval.
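The bucketing and outlier logic the description summarises, as an added Python example that is not the Splunk search itself: findings are counted per instance per 4-hour bucket and a bucket is flagged when its count exceeds the instance's average plus threshold_value standard deviations. The instance ids, timestamps and the min_samples guard are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, stdev

BUCKET_SECONDS = 4 * 3600  # the 4-hour span the detection description uses

# Constructed sample Security Hub findings as (instance_id, finding time); not real data.
# Instance A has seven quiet buckets and one burst of nine findings; instance B has too little history.
INST_A, INST_B = "i-0aaaaaaaaaaaaaaaa", "i-0bbbbbbbbbbbbbbbb"
SAMPLE_FINDINGS = (
    [(INST_A, f"2024-01-01T{h:02d}:15:00Z") for h in (0, 4, 8, 12, 16, 20)]
    + [(INST_A, "2024-01-01T12:40:00Z"), (INST_A, "2024-01-02T00:05:00Z")]
    + [(INST_A, f"2024-01-02T04:{m:02d}:00Z") for m in range(0, 45, 5)]
    + [(INST_B, f"2024-01-01T{h:02d}:30:00Z") for h in (0, 4, 8)]
)


def bucket_start(ts: str) -> int:
    """Floor a UTC timestamp to the start of its 4-hour bucket (epoch seconds)."""
    epoch = int(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp())
    return epoch - epoch % BUCKET_SECONDS


def alerts_per_bucket(findings):
    """Count findings per instance and bucket. Buckets with zero findings are simply absent,
    which biases the baseline upward; a count-by-bucket search has the same blind spot."""
    counts = defaultdict(lambda: defaultdict(int))
    for instance_id, ts in findings:
        counts[instance_id][bucket_start(ts)] += 1
    return counts


def detect_spikes(findings, threshold_value=2.0, min_samples=4):
    """Flag buckets whose count exceeds avg + threshold_value * stdev of that instance's buckets.
    A single spike among n buckets can score at most (n-1)/sqrt(n) standard deviations, so
    threshold_value and the amount of history (min_samples) have to be tuned together."""
    spikes = []
    for instance_id, buckets in alerts_per_bucket(findings).items():
        values = list(buckets.values())
        if len(values) < min_samples:
            continue  # too little history to call anything an outlier
        upper = mean(values) + threshold_value * stdev(values)
        for start, n in sorted(buckets.items()):
            if n > upper:
                iso = datetime.fromtimestamp(start, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
                spikes.append((instance_id, iso, n))
    return spikes


if __name__ == "__main__":
    for row in detect_spikes(SAMPLE_FINDINGS):
        print(row)  # ('i-0aaaaaaaaaaaaaaaa', '2024-01-02T04:00:00Z', 9)
```

Raising threshold_value to 3.0 on the same sample suppresses the alert, which is the tuning trade-off the help text refers to.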