feature: OpenSearch SIEM for ASEA (#853)

* initial opensearch cdk work * working os configure * working dashboard * Remove debug statement * removal updates * update for linting * eslint fixes * update sample config * Add artifacts * prettier * eslint * initial opensearch cdk work * working os configure * working dashboard * Remove debug statement * removal updates * update for linting * eslint fixes * update sample config * Add artifacts * prettier * eslint * more eslint * update jest snapshot with latest TransitGateway cloudformation immutable property changes * updated snapshot with log-archive phase 4 (this is the phase that adds s3 notifications) * Update test sample * update verify files with siem config * remove unused folder * opensearch logs * add geoip * remove admin role. use lambda role to bootstrap OpenSearch * configure siem geoip custom resource to bootstrap download * update cdk version number in script file * merge * prettier * update sample config * update sample config * remove unused unauthenticated cognito roles, enable MFA for cognito, enable AdvancedSecurty for cognito * update README Co-authored-by: Brian969 <[email protected]>
aws-samples · Jan 7, 2022 · 5f88292 · 5f88292
1 parent e53f6fe
commit 5f88292
Show file tree

Hide file tree

Showing 126 changed files with 9,145 additions and 2,809 deletions.
diff --git a/deployment/build-s3-dist.sh b/deployment/build-s3-dist.sh
@@ -33,7 +33,7 @@ normal=$(tput sgr0)
 # SETTINGS
 #------------------------------------------------------------------------------
 # Important: CDK global version number
-cdk_version=1.113.0 # Note: should match package.json
+cdk_version=1.130.0 # Note: should match package.json
 template_format="json"
 run_helper="true"
 

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/reference-artifacts/SAMPLE_CONFIGS/config.example.json b/reference-artifacts/SAMPLE_CONFIGS/config.example.json
@@ -1252,6 +1252,49 @@
           "rsyslog-enforce-imdsv2": true,
           "rsyslog-root-volume-size": 100,
           "rsyslog-max-instance-age": 7
+        },
+        "siem": {
+          "deploy": false,
+          "vpc-name": "Central",
+          "region": "${HOME_REGION}",          
+          "security-groups": [
+            {
+              "name": "opensearch-siem",
+              "inbound-rules": [
+                {
+                  "description": "Allow Traffic Inbound",
+                  "tcp-ports": [443],                  
+                  "source": "${RANGE-RESTRICT}"
+                }
+              ],
+              "outbound-rules": [
+                {
+                  "description": "All Outbound",
+                  "type": ["ALL"],
+                  "source": ["0.0.0.0/0"]
+                }
+              ]
+            }
+          ],
+          "app-subnets": [
+            {
+              "name": "App",
+              "az": "a"
+            },
+            {
+              "name": "App",
+              "az": "b"
+            }
+          ],          
+          "lambda-log-processing-role": "${ACCELERATOR_PREFIX_ND}-OpenSearch-ProcessingRole",
+          "cognito-domain-prefix": "${ACCELERATOR_PREFIX_LND}-siem----------------------REPLACE------------",
+          "opensearch-instance-type-main-nodes": "c6g.xlarge.search",
+          "opensearch-instance-type-data-nodes": "r6g.xlarge.search",
+          "opensearch-capacity-main-nodes": 3,
+          "opensearch-capacity-data-nodes": 4,
+          "opensearch-volume-size": 100,
+          "opensearch-configuration": "siem/opensearch-config.json",
+          "event-processor-lambda-package": "siem/os-loader.zip"
         }
       }
     },

diff --git a/reference-artifacts/siem/dashboard.ndjson.zip b/reference-artifacts/siem/dashboard.ndjson.zip