Detect Spike In AWS Security Hub Alerts For User

Description

This search looks for a spike in the number of AWS Security Hub alerts for an AWS IAM user, measured in 4-hour intervals.

Help

You must install the AWS App for Splunk (version 5.1.0 or later) and the Splunk Add-on for AWS (version 4.4.0 or later), then configure your Security Hub inputs. Tune threshold_value to your environment and schedule this search to match the bucket span interval (4 hours).
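As an added illustration (not the detection's own SPL, which is not reproduced on this page), the following Python models the logic the description states: count findings per IAM user in 4-hour buckets, then flag a bucket that reaches threshold_value and stands out from that user's own baseline. The finding layout, user names, and the mean-plus-standard-deviation baseline are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

BUCKET_SECONDS = 4 * 60 * 60  # the 4-hour interval from the detection description

# Constructed sample findings: (event time, IAM user the finding is about).
# The field shape is an assumption, not the Splunk Add-on's real sourcetype layout.
SAMPLE_FINDINGS = [
    ("2024-01-01T00:10:00Z", "alice"), ("2024-01-01T05:00:00Z", "alice"),
    ("2024-01-01T09:30:00Z", "alice"), ("2024-01-01T13:15:00Z", "alice"),
    ("2024-01-01T17:00:00Z", "alice"), ("2024-01-01T17:05:00Z", "alice"),
    ("2024-01-01T17:09:00Z", "alice"), ("2024-01-01T17:12:00Z", "alice"),
    ("2024-01-01T17:20:00Z", "alice"), ("2024-01-01T17:30:00Z", "alice"),
    ("2024-01-01T21:40:00Z", "alice"),
    ("2024-01-01T02:00:00Z", "bob"), ("2024-01-01T06:00:00Z", "bob"),
    ("2024-01-01T10:00:00Z", "bob"), ("2024-01-01T14:00:00Z", "bob"),
    ("2024-01-01T18:00:00Z", "bob"),
]

def bucket_start(ts: str) -> int:
    """Floor an ISO-8601 UTC timestamp to the start of its 4-hour bucket (epoch seconds)."""
    epoch = int(datetime.fromisoformat(ts.replace("Z", "+00:00")).timestamp())
    return epoch - (epoch % BUCKET_SECONDS)

def alerts_per_bucket(findings):
    """Count findings per (user, 4h bucket), the equivalent of binning _time by 4h and counting by user."""
    counts = defaultdict(Counter)
    for ts, user in findings:
        counts[user][bucket_start(ts)] += 1
    return counts

def detect_spikes(findings, threshold_value=5, num_stdev=2.0):
    """Flag buckets whose count is both >= threshold_value and more than num_stdev standard
    deviations above the user's mean bucket count. threshold_value is the tunable knob the
    Help text refers to; the num_stdev baseline is an added assumption."""
    spikes = []
    for user, buckets in alerts_per_bucket(findings).items():
        values = list(buckets.values())
        baseline, spread = mean(values), pstdev(values)
        for start, count in sorted(buckets.items()):
            if count >= threshold_value and count > baseline + num_stdev * spread:
                spikes.append((user, start, count))
    return spikes

if __name__ == "__main__":
    for user, start, count in detect_spikes(SAMPLE_FINDINGS):
        print(f"spike: user={user} bucket_start={start} alerts={count}")
```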
