Hi,
We have a test setup for Splunk enterprise (in single instance) to receive Cloudtrail and was able to fulfill this using Splunk App for AWS. Now we would like to to send the collected data from Splunk into Arcsight. I read that we can do that by using Splunk forwarders, but not certain on what type of forwarder to use (like heavy, enterprise or universal...). Basicall, we want to send all collected data, be it in CEF or unparsed. What is the best path to do this, and can you point me to some documentation?
Thanks in advance
↧