Amazon Security Lake integration - Save intermediate JSON files #216

Closed
1 task done
AlexRuiz7 opened this issue Apr 25, 2024 · 1 comment · Fixed by #218

AlexRuiz7 commented Apr 25, 2024

Description

Related issue: #128

The integration to Amazon Security Lake first maps the raw Wazuh Events to OCSF, and then encodes the data as Parquet. The Wazuh Events mapped to OCSF in JSON format are not exported. We think it could be interesting to save them as intermediate JSON files. That could also be useful for debugging (see https://github.com/aws-samples/amazon-security-lake-ocsf-validation).

Tasks

  • Extend the integration to save OCSF mapped events as JSON to an S3 bucket.

AlexRuiz7 added the level/task and type/enhancement labels Apr 25, 2024
AlexRuiz7 self-assigned this Apr 25, 2024

AlexRuiz7 (Member, Author) commented:

S3_BUCKET_OCSF environment variable will define the S3 bucket to write OCSF data to.
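
Added example, not part of the issue or the project's code: one way the intermediate JSON step described above could look, writing OCSF-mapped events as newline-delimited JSON to the bucket named by `S3_BUCKET_OCSF`. The key layout, the NDJSON format, the server-side encryption setting, the `FakeS3` stand-in and the sample events are assumptions made for illustration.

```python
import json
import os
from datetime import datetime, timezone

# Constructed sample events (illustrative OCSF-style fields, not real Wazuh output).
SAMPLE_EVENTS = [
    {"class_uid": 2004, "class_name": "Detection Finding", "severity_id": 3,
     "time": 1714046400000, "finding_info": {"uid": "constructed-0001",
                                             "title": "sshd: authentication failed"}},
    {"class_uid": 2004, "class_name": "Detection Finding", "severity_id": 2,
     "time": 1714046401000, "finding_info": {"uid": "constructed-0002",
                                             "title": "File integrity checksum changed"}},
]


class FakeS3:
    """In-memory stand-in exposing the same put_object call as a boto3 S3 client."""

    def __init__(self):
        self.objects = {}

    def put_object(self, **kwargs):
        self.objects[(kwargs["Bucket"], kwargs["Key"])] = kwargs
        return {}


def ocsf_json_key(now, prefix="ocsf"):
    # Hypothetical date-partitioned key layout; adapt to the bucket's conventions.
    return f"{prefix}/{now:%Y/%m/%d}/wazuh-ocsf-{now:%Y%m%dT%H%M%SZ}.json"


def save_ocsf_json(events, s3_client, now=None, environ=os.environ):
    """Write OCSF-mapped events as newline-delimited JSON; return the key or None."""
    bucket = environ.get("S3_BUCKET_OCSF", "").strip()
    if not bucket or not events:
        return None  # feature disabled or nothing to write: leave the Parquet path alone
    now = now or datetime.now(timezone.utc)
    body = "\n".join(json.dumps(e, sort_keys=True, separators=(",", ":")) for e in events)
    key = ocsf_json_key(now)
    s3_client.put_object(
        Bucket=bucket, Key=key, Body=body.encode("utf-8"),
        ContentType="application/x-ndjson",
        ServerSideEncryption="AES256",  # assumption: events hold alert data, so request SSE
    )
    return key


if __name__ == "__main__":
    s3 = FakeS3()  # swap for boto3.client("s3") in a real deployment
    print(save_ocsf_json(SAMPLE_EVENTS, s3, environ={"S3_BUCKET_OCSF": "example-ocsf-bucket"}))
```

Leaving `S3_BUCKET_OCSF` unset makes the function a no-op, so the JSON copy stays opt-in and the Parquet output is unaffected.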
