Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Amazon Security lake integration as source #128

Closed
6 tasks done
Tracked by #204
AlexRuiz7 opened this issue Jan 17, 2024 · 3 comments
Closed
6 tasks done
Tracked by #204

Amazon Security lake integration as source #128

AlexRuiz7 opened this issue Jan 17, 2024 · 3 comments
Labels
level/epic Epic issue type/enhancement Enhancement issue

Comments

@AlexRuiz7
Copy link
Member

AlexRuiz7 commented Jan 17, 2024
edited
Loading

Description

Amazon Security Lake is a centralized repository of security data for AWS environments, SaaS providers, on premises, cloud sources, and third-party sources stored in your AWS account.

All the entities listed previously can read or write security lake through subscription or source integrations, respectively. Wazuh already provides an integration as a subscriber, and is listed in the Amazon Security Lake partners program.

We want to create a new integration for Amazon Security Lake, this time as a source, meaning that the designed security data hosted in wazuh-indexer will end up in the security lake for other third-party services to consume and analyze.

Functional requirements

  • As a user, I can integrate Wazuh with AWS Security Lake as a source.
  • As a user, I can explore Wazuh events from the AWS Security Lake recommended tools (security lake queries, etc.).
  • As a user, I can search the AWS marketplace for source integrations and find Wazuh.
  • As a user, I have access to a guide on how to integrate Wazuh with Security Lake as a source.

Non-functional requirements

  • Our integration complies with all the AWS requirements as stated in their documentation.
  • Our integrations will map only essential fields from Wazuh to OCFS.

Implementation restrictions

Plan

  • Study requirements for Wazuh integration as a source.
    • Study good practices and optimization tips.
    • Create an implementation design.
  • Create a proof of concept.
  • Define OCSF event classes to use.
  • Create OCSF decoder for selected Wazuh events.
  • Implement integration.
  • Test integration.
  • Technical documentation and user manual.
  • E2E UX test

Tasks

This task list follows from the plan:
@AlexRuiz7 AlexRuiz7 added level/epic Epic issue type/enhancement Enhancement issue labels Jan 17, 2024
@AlexRuiz7 AlexRuiz7 self-assigned this Jan 17, 2024
@AlexRuiz7
Copy link
Member Author

OCSF v1.1.0 was released recently
https://github.com/ocsf/ocsf-schema/releases/tag/v1.1.0

@Selutario Selutario mentioned this issue Jan 31, 2024
Closed
@AlexRuiz7 AlexRuiz7 removed their assignment Feb 19, 2024
@havidarou havidarou mentioned this issue Apr 12, 2024
Closed
6 tasks
This was referenced Apr 25, 2024
Closed
Closed
Closed
Closed
Closed
This was referenced May 7, 2024
Closed
Closed
@sidharthancr
Copy link

@AlexRuiz7 I am eagerly looking for the features.

Any idea on release date?

@AlexRuiz7
Copy link
Member Author

AlexRuiz7 commented May 28, 2024
edited
Loading

Hi @sidharthancr

This is part of the 4.9.0 release, which is planned for Q3 2024. This project is currently on internal testing. The code and the documentation are already in this repo, so feel free to test it and report any issues you find with us so we can fix that before the release. We'd appreciate that.

@AlexRuiz7 AlexRuiz7 mentioned this issue May 28, 2024
Closed
@AlexRuiz7 AlexRuiz7 mentioned this issue Jun 3, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
level/epic Epic issue type/enhancement Enhancement issue
Projects
No open projects
Release 4.9.0
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sidharthancr @AlexRuiz7