Detect Spike In AWS Security Hub Alerts For EC2 Instance

Description

This search looks for a spike in the number of AWS Security Hub alerts for an EC2 instance, counted in 4-hour intervals.

Help

Detect Spike In AWS Security Hub Alerts For EC2 Instance Help

You must install the AWS App for Splunk (version 5.1.0 or later) and the Splunk Add-on for AWS (version 4.4.0 or later), then configure your Security Hub inputs. The threshold_value should be tuned to your environment, and these searches should be scheduled to run at the same interval as the bucket span so that each run evaluates one complete bucket.
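To make the bucketing and threshold logic concrete, here is an added Python illustration of the same idea; it is not the Splunk search from this page and not Splunk's code. It groups Security Hub findings for EC2 instances into 4-hour buckets, zero-fills quiet buckets, and flags a bucket whose count exceeds the instance's earlier mean by more than threshold_value standard deviations. The page does not show the search body, so that baseline statistic, the minimum of three baseline buckets, and the sample findings (constructed, loosely following the ASFF Resources/CreatedAt shape) are all assumptions of this example.

```python
"""Spike detection over AWS Security Hub findings per EC2 instance in 4-hour
buckets. Added example: the baseline statistic and sample data are assumptions,
not the page's Splunk search."""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

BUCKET_SECONDS = 4 * 3600  # the page's 4-hour interval


def _finding(resource_type, resource_id, created_at):
    """Build a minimal finding in the ASFF-like shape this example assumes."""
    return {"Resources": [{"Type": resource_type, "Id": resource_id}],
            "CreatedAt": created_at}


EC2_A = "i-0a1b2c3d4e5f60001"  # constructed instance id
EC2_B = "i-0b1b2c3d4e5f60002"  # constructed instance id

# Constructed sample findings (not real data): instance A is quiet all day and
# then receives 9 findings in the 16:00 bucket; instance B has a single finding;
# the S3 finding must be ignored because the search is scoped to EC2 instances.
SAMPLE_FINDINGS = (
    [_finding("AwsEc2Instance", EC2_A, t) for t in [
        "2024-01-15T00:10:00Z",
        "2024-01-15T04:30:00Z", "2024-01-15T05:15:00Z",
        # no findings in the 08:00 bucket: the zero-fill below must supply it
        "2024-01-15T12:05:00Z", "2024-01-15T13:40:00Z",
    ] + [f"2024-01-15T16:{m:02d}:00Z" for m in range(1, 46, 5)]  # 9 findings
      + ["2024-01-15T21:00:00Z"]]
    + [_finding("AwsEc2Instance", EC2_B, "2024-01-15T10:00:00Z")]
    + [_finding("AwsS3Bucket", "arn:aws:s3:::example-bucket",
                "2024-01-15T16:05:00Z")]
)


def _epoch(iso_z):
    """Parse an ISO-8601 UTC timestamp ending in Z to epoch seconds."""
    return int(datetime.strptime(iso_z, "%Y-%m-%dT%H:%M:%SZ")
               .replace(tzinfo=timezone.utc).timestamp())


def bucket_start(ts):
    """Align an epoch timestamp to the start of its 4-hour bucket."""
    return ts - ts % BUCKET_SECONDS


def ec2_bucket_series(findings):
    """Return {instance_id: [(bucket_start, alert_count), ...]} covering every
    bucket between an instance's first and last finding; gaps become 0 so quiet
    periods count toward the baseline instead of silently disappearing."""
    counts = defaultdict(int)
    for f in findings:
        for res in f["Resources"]:
            if res["Type"] == "AwsEc2Instance":
                counts[(res["Id"], bucket_start(_epoch(f["CreatedAt"])))] += 1
    series = {}
    for inst in {inst for inst, _ in counts}:
        starts = [s for i, s in counts if i == inst]
        series[inst] = [(s, counts.get((inst, s), 0))
                        for s in range(min(starts), max(starts) + 1, BUCKET_SECONDS)]
    return series


def detect_spikes(findings, threshold_value=2.0, min_baseline_buckets=3):
    """Flag a bucket whose count exceeds mean + threshold_value * stdev of the
    instance's earlier buckets. threshold_value is the tuning knob the page
    mentions; treating it as a stdev multiplier is this example's assumption."""
    spikes = []
    for inst, series in ec2_bucket_series(findings).items():
        for i, (start, n) in enumerate(series):
            baseline = [c for _, c in series[:i]]
            if len(baseline) < min_baseline_buckets:
                continue  # not enough history to judge this instance yet
            # Floor the deviation at 1 so a perfectly flat baseline does not
            # fire on every +1 bucket.
            limit = mean(baseline) + threshold_value * max(pstdev(baseline), 1.0)
            if n > limit:
                spikes.append({
                    "resource_id": inst,
                    "bucket_start": datetime.fromtimestamp(start, timezone.utc)
                                            .strftime("%Y-%m-%dT%H:%M:%SZ"),
                    "alerts": n,
                    "limit": round(limit, 2),
                })
    return spikes


if __name__ == "__main__":
    for spike in detect_spikes(SAMPLE_FINDINGS):
        print(spike)
```

Raising threshold_value to 10 makes the same 9-alert bucket pass silently, which is the tuning trade-off the Help text refers to: a low value surfaces modest bursts on otherwise quiet instances, a high one only catches large ones. Running this on a schedule equal to the bucket span mirrors the page's advice that each run should evaluate exactly one completed interval.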

Search
