Use the Splunk App for CloudHealth Secure State to incorporate findings and other data into Splunk visualization tools

Splunk App for CloudHealth Secure State combines the power of CloudHealth Secure State's revolutionary interconnected cloud security model with Splunk's comprehensive analytics and reporting engine, providing information security teams deep insight into their cloud security and compliance posture. Through this app, security and compliance analysts and managers can easily visualize the timeline and distribution of vulnerabilities across accounts, cloud providers, services, etc., create customized dashboards and PDF reports for security posture management and follow-ups, and integrate with important insights from VMware tools across the stack.

Download Here

Setup overview

Splunk app violations overview

You can install the Splunk App for CloudHealth Secure State by downloading it from the application page on Splunkbase or by installing it from within Splunk. There are a few prerequisites:

Setup instructions

  1. After installation, ensure that the CloudHealth Secure State app appears in the list of apps and add-ons.

  2. Create a new index called vss with the default settings.

  3. In the json SourceType, change the Timestamp field to creationTime. This can be done by going to the advanced section in the json SourceType and entering creationTime as the value in the Timestamp fields.

  4. (Optional) Find the csp-token.txt file in the vss-splunk-app/bin folder and replace its contents with your CSP token.

  5. Run the vss4.py file to generate findings, rules, and compliance info, using one of the following commands:

    • If you placed your token in the csp-token.txt file, use the command:
      python vss4.py

    • Or run the script providing your CSP token inline:
      python vss4.py -t TOKEN_VALUE

    • If you see any errors, make sure you have all the prerequisites listed above.

  6. Verify that new json files are created in the vss-splunk-app/bin/data folder.

  7. Go to the VSS Splunk app dashboard, and you should see all the dashboards displaying your security data now.
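
A pre-flight check for steps 4 to 6, added here as an example and not part of the app or of vss4.py: it confirms that csp-token.txt is not accessible to other users, that the data folder contains parseable json files, and that the records carry the creationTime field that step 3 configures as the timestamp. The record layout (a JSON array or one object per line), the helper names, and the sample file names and values are assumptions.

```python
import json
import stat
import tempfile
from pathlib import Path

def load_records(text):
    """Parse one JSON document or newline-delimited JSON (export layout is an assumption)."""
    try:
        doc = json.loads(text)
        docs = doc if isinstance(doc, list) else [doc]
    except json.JSONDecodeError:
        docs = [json.loads(line) for line in text.splitlines() if line.strip()]
    return [d for d in docs if isinstance(d, dict)]

def check_export(bin_dir):
    """Return a list of problems found in the app's bin folder after vss4.py has run."""
    bin_dir, problems = Path(bin_dir), []
    token = bin_dir / "csp-token.txt"
    # The token file holds a credential in plain text: it should be owner-only.
    if token.exists() and stat.S_IMODE(token.stat().st_mode) & 0o077:
        problems.append("csp-token.txt: accessible to group/others, expected mode 600")
    files = sorted((bin_dir / "data").glob("*.json"))
    if not files:
        problems.append("data: no json files found (step 6 failed)")
    for f in files:
        try:
            records = load_records(f.read_text(encoding="utf-8"))
        except json.JSONDecodeError as exc:
            problems.append(f"{f.name}: invalid JSON ({exc.msg})")
            continue
        # Step 3 tells Splunk to take the event time from creationTime.
        missing = sum(1 for r in records if not r.get("creationTime"))
        if missing:
            problems.append(f"{f.name}: {missing}/{len(records)} records lack creationTime")
    return problems

def demo():
    """Run the check against a constructed folder (file names and values are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "data").mkdir()
        (root / "csp-token.txt").write_text("CONSTRUCTED-TOKEN\n")
        (root / "csp-token.txt").chmod(0o644)
        (root / "data" / "findings.json").write_text(json.dumps(
            [{"id": "f-1", "creationTime": "2021-01-01T00:00:00Z"}, {"id": "f-2"}]))
        (root / "data" / "rules.json").write_text('{"id": "r-1", "creationTime": 1}\n{"id": ')
        return check_export(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

To check a real installation, call check_export with the path to the vss-splunk-app/bin folder; an empty list means none of the three checks failed.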

For any assistance or questions, please send an email to: vss-splunk@vmware.com

Dashboards

A set of customizable dashboards is provided in the Splunk App for CloudHealth Secure State, enabling users to gather great insight into their cloud environment's security and compliance posture.

A Violations Overview dashboard presents a view of violations by various breakdowns such as service, region, severity, status, cloud account, etc., combined with filters for time range, service, severity, etc. The Violations Overview dashboard is used by information security teams to understand and prioritize their vulnerabilities.

A Rules Overview dashboard provides details of the rules configured in CloudHealth Secure State, whether custom or native. Rule name, details, and Knowledge Base links are available along with other metadata to better understand the impact of a rule violation.

A Compliance Overview dashboard describes the compliance frameworks and controls covered through CloudHealth Secure State. Governance, Risk and Compliance teams use this view for reporting on their cloud environment compliance.

All dashboards support export as PDF and drill-downs to explore the raw CloudHealth Secure State data.

Conclusion

Splunk App for CloudHealth Secure State provides comprehensive analytics and reporting capabilities on cloud configuration vulnerabilities to information security, SOC, and compliance management teams.
