Use the Splunk App for VMware Aria Automation for Secure Clouds to incorporate findings and other data into Splunk visualization tools

Splunk App for VMware Aria Automation for Secure Clouds combines the power of VMware Aria Automation for Secure Clouds's revolutionary interconnected cloud security model with Splunk's comprehensive analytics and reporting engine, providing information security teams deep insight into their cloud security and compliance posture. Through this app, security and compliance analysts and managers can easily visualize the timeline and distribution of vulnerabilities across accounts, cloud providers, services, etc., create customized dashboards and PDF reports for security posture management and follow ups, and integrate with important insights from VMware tools across the stack.

Download Here

Setup overview

Splunk app violations overview

You can install the Splunk App for VMware Aria Automation for Secure Clouds by downloading it from the application page on Splunkbase or by installing it from within Splunk. There are a few prerequisites:

VMware Aria Automation for Secure Clouds API Access Token
Python 3.x or greater
Pip (Python package manager)
Requests Library

Setup instructions

After installation, ensure that the VMware Aria Automation for Secure Clouds app appears in the list of apps and add-ons.
Create a new index called vss with the default settings.
In the json SourceType, change the Timestamp field to creationTime. This can be done by going to the advanced section in the json SourceType and entering creationTime as the value in the Timestamp fields.
(Optional) Find the csp-token.txt file in the vss-splunk-app/bin folder and replace your CSP token in there.
Run the vss4.py file to generate findings, rules, and compliance info using the command:
- If you placed your token in the csp-token.txt file, use the command:
```
python vss4.py
```
- Or run the script providing your CSP token inline:
```
python vss4.py -t TOKEN_VALUE
```
- If you see any errors, make sure you have all the prerequisites listed above.
Verify that new json files are created in the vss-splunk-app/bin/data folder.
Go to the VSS Splunk app dashboard, and you should see all the dashboards displaying your security data now.

For any assistance or questions, please send an email to: [email protected]

Dashboards

A set of customizable dashboards are provided in the Splunk App for VMware Aria Automation for Secure Clouds that enable users to gather great insight into their cloud environment's security and compliance posture. A Violations Overview dashboard presents a view of violations by various breakdowns such as service, region, severity, status, cloud account, etc., combined with filters for time range, service, severity, etc. Violations Overview dashboard is used by information security teams to understand and prioritize their vulnerabilities. A Rules Overview dashboard provides details of the rules configured in VMware Aria Automation for Secure Clouds, whether custom or native. Rule name, details, Knowledge Base links are available along with other metadata to better understand the impact of a rule violation. A Compliance Overview dashboard describes the compliance frameworks and controls covered through VMware Aria Automation for Secure Clouds. Governance, Risk and Compliance teams use this view for reporting around their cloud environment compliance. All dashboards support export as PDF and drill downs to explore the raw VMware Aria Automation for Secure Clouds data.

Conclusion

Splunk App for VMware Aria Automation for Secure Clouds provides comprehensive analytics and reporting capabilities on cloud configuration vulnerabilities to information security, SOC, and compliance management teams.