The Splunk integration sends security findings from VMware Aria Automation for Secure Clouds to an S3 bucket, where they can be incorporated into your Splunk instance like any other data.
Navigate to Settings > Integrations.
Under Splunk, select Add New.
Enter the name of your integration and the name of the S3 bucket you want to associate, and the S3 object prefix if desired. You may toggle the Enable switch to activate the integration after saving or leave it as-is and enable it later.
If you're an organization admin, you'll be prompted to select the context you want the integration to have access to (Organization or Project).
Follow the instructions to generate a new IAM role and enter both the IAM role ARN and external ID. Refer to the AWS IAM tutorial if you need more specific instructions to create an IAM role.
ImportantIf you decide to create a role manually from the AWS IAM dashboard, you must define an external ID value that matches your organization ID in VMware Aria Automation for Secure Clouds.
Click Test to verify a successful connection between the integration and your Splunk instance.
After receiving a successful response, click Save.
Once you have a working integration, you can create a Splunk alert to start sending findings data to your Splunk instance.