
[DOC]: Update Mappings to support Open Cybersecurity Schema Framework (OCSF) #4500

Closed
5 tasks
praveensameneni opened this issue Jul 6, 2023 · 4 comments · Fixed by #4549

Comments

@praveensameneni
Member

praveensameneni commented Jul 6, 2023

What do you want to do?

  • [ ] Request a change to existing documentation
  • [x] Add new documentation
  • [ ] Report a technical problem with the documentation
  • [ ] Other

Tell us about your request. Provide a summary of the request and all versions that are affected.
We are adding support for the OCSF schema to VPC Flow logs, CloudTrail, and Route53 (DNS) logs.

  • Update field mapping to include OCSF field mappings associated with Amazon Security Lake OCSF
  • Add API documentation for correlation engine.

What other resources are available? Provide links to related issues, POCs, steps for testing, etc.
opensearch-project/security-analytics#459

@hdhalter
Contributor

hdhalter commented Jul 6, 2023

Thanks, @praveensameneni. Which version is this targeting?

@praveensameneni
Member Author

We are targeting 2.9

@hdhalter
Contributor

hdhalter commented Jul 6, 2023

@cwillum - Chris, can you please take a look at this and let me know if we will be able to document this for 2.9?

@Naarcha-AWS Naarcha-AWS added 1 - Backlog Issue: The issue is unassigned or assigned but not started and removed untriaged labels Jul 6, 2023
@Naarcha-AWS Naarcha-AWS added backport 2.8 PR: Backport label for 2.8 and removed backport 2.8 PR: Backport label for 2.8 labels Jul 6, 2023
@Naarcha-AWS Naarcha-AWS added this to the v2.9 milestone Jul 6, 2023
@cwillum
Contributor

cwillum commented Jul 7, 2023

@hdhalter I'm meeting with dev today to discuss these updates. After that I'll have a better idea of the breadth of the updates required. (meeting pushed out to next week)

@hdhalter hdhalter added the At risk - red Issue is at risk of not releasing on time label Jul 10, 2023
@hdhalter hdhalter added 2 - In progress Issue/PR: The issue or PR is in progress. At risk - yellow and removed 1 - Backlog Issue: The issue is unassigned or assigned but not started At risk - red Issue is at risk of not releasing on time labels Jul 13, 2023
@cwillum cwillum added security-analytics and removed 2 - In progress Issue/PR: The issue or PR is in progress. At risk - yellow labels Jul 17, 2023
@hdhalter hdhalter added the 3 - Done Issue is done/complete label Jul 18, 2023