Amazon Security lake integration as source #128

Open
4 of 5 tasks
Tracked by #204
AlexRuiz7 opened this issue Jan 17, 2024 · 1 comment
Labels
level/epic Epic issue type/enhancement Enhancement issue

Comments

AlexRuiz7 commented Jan 17, 2024

Description

Amazon Security Lake is a centralized repository of security data for AWS environments, SaaS providers, on premises, cloud sources, and third-party sources stored in your AWS account.

All the entities listed previously can read or write Security Lake through subscription or source integrations, respectively. Wazuh already provides an integration as a subscriber, and is listed in the Amazon Security Lake partners program.

We want to create a new integration for Amazon Security Lake, this time as a source, meaning that the designed security data hosted in wazuh-indexer will end up in the security lake for other third-party services to consume and analyze.

Functional requirements

  • As a user, I can integrate Wazuh with AWS Security Lake as a source.
  • As a user, I can explore Wazuh events from the AWS Security Lake recommended tools (security lake queries, etc.).
  • As a user, I can search the AWS marketplace for source integrations and find Wazuh.
  • As a user, I have access to a guide on how to integrate Wazuh with Security Lake as a source.

Non-functional requirements

  • Our integration complies with all the AWS requirements as stated in their documentation.
  • Our integrations will map only essential fields from Wazuh to OCSF.

Implementation restrictions

Plan

  • Study requirements for Wazuh integration as a source.
    • Study good practices and optimization tips.
    • Create an implementation design.
  • Create a proof of concept.
  • Define OCSF event classes to use.
  • Create OCSF decoder for selected Wazuh events.
  • Implement integration.
  • Test integration.
  • Technical documentation and user manual.
  • E2E UX test

Tasks

This task list follows from the plan:

@AlexRuiz7 AlexRuiz7 added level/epic Epic issue type/enhancement Enhancement issue labels Jan 17, 2024
@AlexRuiz7 AlexRuiz7 self-assigned this Jan 17, 2024
@AlexRuiz7

OCSF v1.1.0 was released recently
https://github.com/ocsf/ocsf-schema/releases/tag/v1.1.0
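
As an added illustration of the OCSF mapping the plan calls for (map only essential Wazuh fields, pick an event class, write a decoder), the following hypothetical Python turns a constructed Wazuh alert into an OCSF v1.1.0 Detection Finding (class_uid 2004, the class introduced in the release linked above). It is not Wazuh's integration code; the rule-level-to-severity bands, the product names and the sample alert are assumptions.

```python
from datetime import datetime

OCSF_VERSION = "1.1.0"
CLASS_UID = 2004      # Detection Finding (OCSF 1.1.0)
CATEGORY_UID = 2      # Findings
ACTIVITY_ID = 1       # Create
# Assumed Wazuh rule.level (0-15) -> OCSF severity_id bands; not a Wazuh specification.
SEVERITY_BANDS = ((3, 1), (6, 2), (9, 3), (12, 4))  # (max level, severity_id)


def severity_id(level: int) -> int:
    """1 Informational, 2 Low, 3 Medium, 4 High; anything above level 12 is 5 Critical."""
    return next((sid for top, sid in SEVERITY_BANDS if level <= top), 5)


def to_epoch_ms(ts: str) -> int:
    """Wazuh alert timestamps look like 2024-01-17T10:15:30.123+0000; OCSF wants epoch ms."""
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")
    return int(dt.timestamp()) * 1000 + dt.microsecond // 1000


def wazuh_to_ocsf(alert: dict) -> dict:
    """Keep only the fields a Detection Finding needs; park the rest under 'unmapped'."""
    rule = alert["rule"]
    return {
        "activity_id": ACTIVITY_ID,
        "category_uid": CATEGORY_UID,
        "class_uid": CLASS_UID,
        "type_uid": CLASS_UID * 100 + ACTIVITY_ID,  # OCSF convention: 200401
        "time": to_epoch_ms(alert["timestamp"]),
        "severity_id": severity_id(int(rule["level"])),
        "message": rule["description"],
        "metadata": {"version": OCSF_VERSION,
                     "product": {"name": "Wazuh", "vendor_name": "Wazuh, Inc."}},
        "finding_info": {"uid": alert["id"], "title": rule["description"],
                         "analytic": {"type_id": 1, "name": rule["id"]}},  # type_id 1 = Rule
        "device": {"uid": alert["agent"]["id"], "hostname": alert["agent"]["name"]},
        "unmapped": {"rule_groups": rule.get("groups", [])},
    }


# Constructed sample alert in the Wazuh alert JSON shape; not captured from a real deployment.
SAMPLE_ALERT = {
    "id": "1705486530.123456", "timestamp": "2024-01-17T10:15:30.123+0000",
    "agent": {"id": "001", "name": "web-01"},
    "rule": {"id": "5710", "level": 5, "description": "sshd: Attempt to login using a non-existent user",
             "groups": ["syslog", "sshd", "authentication_failed"]},
}
```

Fields that Security Lake does not need (rule groups here) are kept under `unmapped` rather than dropped, so nothing is lost if the mapping is widened later.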
