Description
This integration covers the AWS and OCSF formats, including a number of AWS services such as:
AWS WAF Classic Web ACL traffic information
GuardDuty findings
Amazon Macie findings
Amazon Inspector findings
AWS IAM Access Analyzer findings
Alert logs
CloudTrail Insight Event
Configuration Snapshot
Config Rules
Real-time log
Text / Parquet Format
Text / Parquet Format
Network Load Balancer access logs
Classic Load Balancer access logs
Amazon Aurora (PostgreSQL)
Amazon RDS for MariaDB
Amazon RDS for MySQL
Amazon RDS for PostgreSQL
via CloudWatch Logs
/var/log/secure
via CloudWatch Logs
Security event log
via FireLens
Inventory
error log
error log
This integration is based on Akihiro Nakajima's OpenSearch SIEM repo and is inspired by the work done there.
OCSF schema
The Open Cybersecurity Schema Framework is an open-source project, delivering an extensible framework for developing schemas, along with a vendor-agnostic core security schema. Vendors and other data producers can adopt and extend the schema for their specific domains. Data engineers can map differing schemas to help security teams simplify data ingestion and normalization, so that data scientists and analysts can work with a common language for threat detection and investigation. The goal is to provide an open standard, adopted in any environment, application, or solution, while complementing existing security standards and processes.
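To make the normalization step concrete, here is an added example (my own illustration, not code from this PR or from the upstream SIEM project) that maps a raw Amazon VPC Flow Log record in the default v2 text format onto the OCSF Network Activity class. The category/class identifiers (category_uid 4, class_uid 4001, activity_id 6 for Traffic) and the type_uid rule come from the OCSF core schema; the attribute names used inside the endpoint, connection and traffic objects follow my reading of the OCSF 1.x Network Activity class and should be checked against whichever schema version the integration targets. The sample lines are constructed, not real traffic, and the NODATA record shows how the "-" placeholders in flow logs have to be handled before indexing.

```python
"""
Added example (not the project's own code): normalise one Amazon VPC Flow Log
record (default v2 text format) into an OCSF Network Activity event.
Assumed details are marked in comments.
"""
import json

# Default VPC Flow Log (version 2) field order in the text format.
VPC_FLOW_FIELDS = [
    "version", "account-id", "interface-id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log-status",
]

# OCSF Network Activity class identifiers (OCSF 1.x core schema).
OCSF_CATEGORY_NETWORK_ACTIVITY = 4
OCSF_CLASS_NETWORK_ACTIVITY = 4001
OCSF_ACTIVITY_TRAFFIC = 6                      # activity_id: Traffic
OCSF_ACTION_ID = {"ACCEPT": 1, "REJECT": 2}    # action_id: 1 Allowed, 2 Denied, 0 Unknown
OCSF_SEVERITY_INFORMATIONAL = 1
PROTOCOL_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}   # partial map, for illustration only

# Constructed sample records (not real traffic): an accepted TCP flow,
# a rejected UDP flow, and a NODATA record whose address fields are "-".
SAMPLE_LINES = [
    "2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.5 10.0.2.9 49152 443 6 10 8400 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.5 53411 161 17 3 210 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA",
]


def _int(value):
    """Unavailable flow log fields are written as '-'; map those to None."""
    return None if value == "-" else int(value)


def parse_vpc_flow_line(line):
    """Split a default-format flow log line into a dict keyed by field name."""
    parts = line.split()
    if len(parts) != len(VPC_FLOW_FIELDS):
        raise ValueError(f"expected {len(VPC_FLOW_FIELDS)} fields, got {len(parts)}")
    return dict(zip(VPC_FLOW_FIELDS, parts))


def to_ocsf_network_activity(raw):
    """Map a parsed flow log record onto the OCSF Network Activity class.

    category_uid, class_uid, activity_id, type_uid, severity_id, time and
    metadata are OCSF base-event requirements; type_uid is class_uid * 100 +
    activity_id.  The nested object attribute names are assumed from the
    OCSF 1.x Network Activity class and should be verified against the
    schema version in use.
    """
    start_s, end_s = _int(raw["start"]), _int(raw["end"])
    proto = _int(raw["protocol"])
    return {
        "category_uid": OCSF_CATEGORY_NETWORK_ACTIVITY,
        "class_uid": OCSF_CLASS_NETWORK_ACTIVITY,
        "activity_id": OCSF_ACTIVITY_TRAFFIC,
        "type_uid": OCSF_CLASS_NETWORK_ACTIVITY * 100 + OCSF_ACTIVITY_TRAFFIC,
        "action_id": OCSF_ACTION_ID.get(raw["action"], 0),   # 0 = Unknown (e.g. NODATA)
        "severity_id": OCSF_SEVERITY_INFORMATIONAL,
        # OCSF timestamps are epoch milliseconds; the flow window end is used as event time.
        "time": end_s * 1000 if end_s is not None else None,
        "start_time": start_s * 1000 if start_s is not None else None,
        "end_time": end_s * 1000 if end_s is not None else None,
        "metadata": {
            "version": "1.0.0",
            "product": {"name": "Amazon VPC", "vendor_name": "AWS"},
            "log_name": "vpcflowlogs",
        },
        "cloud": {"provider": "AWS", "account": {"uid": raw["account-id"]}},
        "src_endpoint": {
            "ip": None if raw["srcaddr"] == "-" else raw["srcaddr"],
            "port": _int(raw["srcport"]),
            "interface_uid": raw["interface-id"],
        },
        "dst_endpoint": {
            "ip": None if raw["dstaddr"] == "-" else raw["dstaddr"],
            "port": _int(raw["dstport"]),
        },
        "connection_info": {
            "protocol_num": proto,
            "protocol_name": PROTOCOL_NAMES.get(proto),
        },
        "traffic": {"bytes": _int(raw["bytes"]), "packets": _int(raw["packets"])},
        # Source fields with no OCSF home stay queryable under "unmapped".
        "unmapped": {"log_status": raw["log-status"], "flow_log_version": raw["version"]},
    }


def normalise(lines):
    """Convert a batch of raw lines into a list of OCSF events."""
    return [to_ocsf_network_activity(parse_vpc_flow_line(line)) for line in lines]


if __name__ == "__main__":
    for event in normalise(SAMPLE_LINES):
        print(json.dumps(event, sort_keys=True))
```

The point of the shape above is that a detection written against `class_uid`, `action_id` and `src_endpoint.ip` works identically whether the underlying record came from VPC Flow Logs, a load balancer access log or a WAF log, once each source has its own mapper to the same class; source-specific leftovers go under `unmapped` rather than being dropped.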
Screenshots
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.