For sending GuardDuty to Splunk HEC via Kinesis, I noticed the lambda_function.py sets the source type to "aws:guardduty:firehose". This source type does not appear to be supported by the latest version of the Splunk_TA_aws add-on. Is this expected behavior?
First - thank you for the excellent resource!
For sending GuardDuty to Splunk HEC via Kinesis, I noticed the lambda_function.py sets the source type to "aws:guardduty:firehose". This source type does not appear to be supported by the latest version of the Splunk_TA_aws add-on. Is this expected behavior?
Thank you! Ed