Network ACL Analytics in Splunk Enterprise Security

Monitor your Amazon Web Services (AWS) network infrastructure for bad configurations and malicious activity. Investigative searches help you probe deeper, when the facts warrant it.

Network ACLs Dashboard

Use the Network ACLs Dashboard to monitor the network ACL activity in your AWS environment, including error events, the number of Network ACLs, activity over time, and the detailed list of error activities.

  1. From the Splunk Enterprise Security menu bar, select Cloud Security.
  2. Click Network ACLs.

The Network Dashboard includes the following panels:

Panel Source Type Datamodel
Error Events aws:cloudtrail datamodel=Change.All_Changes

nodename=All_Changes.Network_Changes

Network ACL Actions aws:cloudtrail datamodel=Change.All_Changes

nodename=All_Changes.Network_Changes

Network ACL Activity Over Time aws:cloudtrail datamodel=Change.All_Changes

nodename=All_Changes.Network_Changes

Most Recent Network ACLs Activity aws:cloudtrail datamodel:"Change"."Network_Changes"
Network ACL Error Activity aws:cloudtrail datamodel:"Change"."Network_Changes"