There are instances when AWS SNS is used to publish Deep Security events. From SNS, the event can be forwarded to an AWS S3 bucket and then finally passed to Splunk.
Follow these steps:
- Follow the KB article on Publishing Deep Security events to Amazon S3 Bucket using SNS and Lambda.
- On your Splunk console, add the Splunk Add-on for AWS.
- Add your AWS Account.
- Create a new Input.