Introducing Splunk Security Analytics for AWS

At Splunk, we’ve traditionally seen larger organizations benefit from our security analytics capabilities more than smaller ones. It comes down to resources: larger firms can build larger security teams staffed with domain experts, afford premium tools, and devote time and budget to retaining professional services consultants for help with implementations. Smaller firms have to get the job done without those perks.

That’s why we’re thrilled to announce the availability of Splunk Security Analytics for AWS, a solution designed specifically for lean security teams running on Amazon Web Services (AWS). Available exclusively in AWS Marketplace, the offering gives smaller security teams an accessible way to harness the power of Splunk.

Security Analytics Simplified for Lean Teams Running on AWS


Built on the foundation of Splunk’s market-leading security technologies, Splunk Security Analytics for AWS packages Splunk’s powerful threat detection and investigation capabilities in an easy-to-buy, easy-to-use way. The offering’s new data onboarding process helps teams strapped for time and resources get up and running quickly. Its pre-built, AWS-specific detections and dashboards provide deep, centralized visibility into AWS environments, accelerating threat detection and investigation. No more switching to-and-from multiple consoles — the offering augments the value of existing AWS security services and other security data sources by centralizing data and applying detections and visualizations. The offering makes detecting and investigating threats easier for smaller security teams in several ways: 

Rapidly Onboard Security Data Into Splunk

We built a hassle-free data onboarding wizard to minimize the time and manual input needed to go from subscribing to the solution in AWS Marketplace to uncovering security insights. The solution currently correlates information across several AWS data sources — Amazon GuardDuty, AWS CloudTrail, AWS Security Hub, AWS Identity and Access Management (IAM) Access Analyzer, and AWS IAM credential reports — and Microsoft 365. 



Detect Threats Faster with Pre-Built Correlations

Pre-written, AWS-specific threat detections come enabled with Splunk Security Analytics for AWS. Splunk’s Threat Research Team crafted these detections to help you uncover threats such as anomalous EC2 and S3 modifications, suspicious login behavior and user provisioning, insecure network configurations, and much more. Along with detections, we provide end-to-end security guides — or Analytic Stories — to give you context on activity that certain detections look for, how to implement those detections, how detections map to industry frameworks like MITRE ATT&CK®, and much more. Leverage the best of Splunk’s AWS-focused detection content from day one.


Visualize Your AWS Security Posture with Pre-Built Dashboards

We’ve built AWS-specific dashboards that start lighting up soon after completing the onboarding wizard; no need to build them yourself. Using data from AWS’ security solutions as their foundation, these dashboards display everything from detected threats and organization-wide alert trends to IAM, Network Access Control List (ACL), Security Group, and Microsoft 365-specific insights. Skip the weeks or months of manually configuring a legacy solution or paying professional services personnel to do it for you. Splunk Security Analytics for AWS presents a unified view of your AWS environment within hours of getting started.


Swiftly Determine Root Cause

Say goodbye to inconsistent, piecemeal security investigations and instead conduct swift and structured investigations using our Investigation Workbench. The Investigation Workbench is a dedicated tool in the offering that serves as your team’s hub for security investigations: you can add relevant information to an investigation as you explore your data in Splunk, and use the Investigation Workbench for detailed analysis, incident timeline construction and visualization, and more. The Investigation Workbench allows you to examine high-value data from AWS’ security services and Microsoft 365 in new and revealing ways, reducing your team’s time to investigate and respond to threats.


Get Started with Splunk Security Analytics for AWS

We’re so excited to bring smaller security teams the benefits of our security analytics capabilities as a cloud service. You can get started with the solution in AWS Marketplace at an attractive introductory price of $100 per month*. Beyond the introductory period, the solution continues to offer pay-as-you-go pricing at a low monthly rate. Learn more about the solution on or by watching our videos on onboarding data and detecting and investigating threats in Splunk Security Analytics for AWS. You can also check out our product brief for additional information on the offering.

Happy Splunking!

*All orders for the offerings made through October 31, 2021 (the “promotional period”) are offered by Splunk at a promotional rate of $100.00 USD per term up to the capacity stated in the AWS Marketplace listing. Please see the End User License Agreement for full details.

Posted by Jane Wong

Jane is the VP of Products for the Splunk security product portfolio, including Splunk Enterprise Security (SIEM), Splunk Phantom (SOAR), Splunk User Behavior Analytics (UEBA), and several emerging cloud security services that are foundational to the pursuit of Splunk’s disruptive vision to make machine data accessible, usable, and valuable for everyone. At Splunk we are committed to our strong sense of purpose to deliver "aha" moments for our customers based on their data.

Jane is passionate about security and over the past decade has led teams building market-leading products in Data Loss Prevention, Network and Endpoint security. Most recently, Jane led the email product portfolio as the VP of Engineering and Product Management at Symantec. Earlier in her career, Jane held various engineering roles at enterprise technology companies, earning several patents. Jane holds a BS from the University of London.

