Requirements
Super Admin access to your organization in Jamf Security Cloud to retrieve the credentials for the AWS S3 bucket.
Note: These configuration settings are provided for information only and are not guaranteed to work with all versions of Splunk. If you require assistance, contact Jamf Support.
- In Splunk, navigate to .
- Search for and install the Splunk Add-on for Amazon Web Services.
The Splunk Add-on for AWS is added to the list of available apps.
- In Jamf Security Cloud, navigate to .
- Select Threat Events Stream.
- Select the AWS S3 tab in the Streaming Target area.
- Retrieve the credentials for the AWS S3 bucket.
Note: If you cannot see the credentials, then you are not a Super Admin of your organization in Jamf Security Cloud, and you will not be able to proceed.
- If secure logs are not already being exported to the S3 bucket, click Export to begin the process.
- In Splunk, select .
If this is the first time you have configured this app, you will be prompted to create an account.
- Click Add on the Account tab.
- Complete the fields with the following values:
  - Name — Jamf
  - Username — The AWS access key
  - Password — The AWS secret key
  - Region Category — Global
- Click Add.
The account is configured and Splunk can access the AWS S3 bucket.