Amazon Security Lake integration - Fix Detection Finding mapping #219

AlexRuiz7 · 2024-04-26T14:47:28Z

Description

Related issue: #128

During the testing of #217, I've found out that our mapping has to the Detection Finding class of OCSF has some small problems that we need to fix, as it does not comply with the OCSF class schema.

Here's an example:

(.venv) @alex-GL66 ➜ amazon-security-lake-ocsf-validation git:(main) ✗ python validate.py -i parquet/

ATTEMPTING TO VALIDATE FILE: ext_wazuh_region=us-east-1_accountId=111111111111_eventDay=20240426_16c8c6c68f4845949f41ea1d6098913f.parquet

INVALID OCSF.

INVALID OCSF.

INVALID OCSF.

INVALID OCSF.

INVALID OCSF.

Sending verbose output to: /home/alex/wazuh/amazon-security-lake-ocsf-validation/output.txt

Check the output file for details. For example, ['finding_info']['attacks'] is an object, while it should be an array of objects.

output.txt

Tasks

Convert time from string to integer (epoch)
Convert ['finding_info']['attacks'] to a list of AttackInfo objects

The text was updated successfully, but these errors were encountered:

AlexRuiz7 added level/task Task issue type/bug Bug issue labels Apr 26, 2024

AlexRuiz7 self-assigned this Apr 26, 2024

AlexRuiz7 mentioned this issue Apr 26, 2024

Fix mapping to Detection Finding OCSF class #220

Merged

8 tasks

AlexRuiz7 closed this as completed in #220 Apr 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Amazon Security Lake integration - Fix Detection Finding mapping #219

Amazon Security Lake integration - Fix Detection Finding mapping #219

AlexRuiz7 commented Apr 26, 2024 •

edited

Loading

Amazon Security Lake integration - Fix Detection Finding mapping #219

Amazon Security Lake integration - Fix Detection Finding mapping #219

Comments

AlexRuiz7 commented Apr 26, 2024 • edited Loading

Description

Tasks

AlexRuiz7 commented Apr 26, 2024 •

edited

Loading