Releases: opensearch-project/opensearch-catalog
aws_waf-1.0.0
AWS WAF Integration
AWS WAF Logs schema; see the protocol details.
What is AWS WAF?
AWS WAF (Web Application Firewall) is a web application firewall service that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF provides firewall rules to filter and monitor HTTP/HTTPS requests based on specific conditions.
AWS WAF can be used for various purposes, such as:
- Mitigating web application layer DDoS attacks
- Blocking common web attack patterns like SQL injection and cross-site scripting (XSS)
- Filtering traffic based on IP addresses or geographic locations
- Controlling access to specific parts of your application
AWS WAF allows you to define rules to match specific conditions and then take actions, such as allowing, blocking, or rate-limiting requests, based on those rules.
See additional details here.
What is AWS WAF Log Integration?
An integration is a set of pre-configured assets bundled together to facilitate monitoring and analysis.
AWS WAF log integration includes dashboards, visualizations, queries, and an index mapping.
Dashboard
Loading Integrations via DashboardManagement
To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:
- Download the amazon_waf-1.0.0.ndjson artifact
- Go to DashboardManagement -> savedObjects
- Once there, select import to load the recently downloaded integration artifact (amazon_waf-1.0.0.ndjson suffix)
- Open the waf integration and install
aws_cloudtrail_1.1.0
AWS CloudTrails Logs Integration
Minor fix for the Amazon Log Integration for Flint Version 1.1.0
- Fix skipping index related issue
- Update table creation statement according to Athena DDL Statement
See related Athena S3 setup tutorial
AWS CloudTrail Log Integration
What is AWS CloudTrail?
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.
CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
CloudTrail can be used for a number of tasks, such as:
- Simplifying compliance auditing
- Tracking changes to AWS resources
- Troubleshooting operational issues
- Identifying unwanted actions or unexpected patterns in behavior
CloudTrail's event log data is delivered to an S3 bucket, and does not affect network throughput or latency. You can create or delete CloudTrail logs without any risk of impact to system performance.
See additional details here.
What is AWS CloudTrail Log Integration?
An integration is a set of pre-configured assets which are bundled together in a meaningful manner.
AWS CloudTrail log integration includes dashboards, visualizations, queries, and an index mapping.
Dashboards
Note that the dashboard uses the index alias logs-cloudtrail to shorten the index name.
Loading Integrations via DashboardManagement
To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:
- Download the amazon_cloud-trail-1.1.0.ndjson artifact
- Go to DashboardManagement -> savedObjects
- Once there, select import to load the recently downloaded integration artifact (amazon_cloud-trail-1.1.0.ndjson suffix)
- Open the CloudTrail integration and install
amazon_vpc_flow_ocsf_1.0.0
Amazon VPC Flow Logs Integration (Security Lake Format 1.0 OCSF)
See how VPC flow logs work with Security Lake
OCSF GitHub
Minor fix for the VPC Flow Log Integration for Flint Version 1.0.0 (OCSF)
- Fix skipping index related issue
- Fix table definition from json to parquet to match the VPC log based producer protocol
What is Amazon VPC Flow Logs?
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.
Flow logs can help you with a number of tasks, such as:
- Diagnosing overly restrictive security group rules
- Monitoring the traffic that is reaching your instance
- Determining the direction of the traffic to and from the network interfaces
Flow log data is collected outside of the path of your network traffic, and therefore does not affect network throughput or latency. You can create or delete flow logs without any risk of impact to network performance.
What is Amazon VPC Flow Logs Integration?
An integration is a bundle of pre-canned assets that are packaged together in a meaningful manner.
Amazon VPC flow logs integration includes dashboards, visualisations, queries and an index mapping.
Dashboards
Note that the dashboard uses the index alias logs-vpc to shorten the index name.
Loading Integrations via DashboardManagement
To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:
- Download the amazon_vpc_flow-1.1.0.ndjson artifact
- Go to DashboardManagement -> savedObjects
- Once there, select import to load the recently downloaded integration artifact (amazon_vpc_flow-1.1.0.ndjson suffix)
- Open the VPC integration and install
amazon_vpc_flow_1.1.0
Amazon VPC Flow Logs Integration (VPC file format)
VPC flow logs based on the 1.1 specification for the VPC parquet-based format.
See the protocol details.
What is Amazon VPC Flow Logs?
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.
Flow logs can help you with a number of tasks, such as:
- Diagnosing overly restrictive security group rules
- Monitoring the traffic that is reaching your instance
- Determining the direction of the traffic to and from the network interfaces
Flow log data is collected outside of the path of your network traffic, and therefore does not affect network throughput or latency. You can create or delete flow logs without any risk of impact to network performance.
What is Amazon VPC Flow Logs Integration?
An integration is a bundle of pre-canned assets that are packaged together in a meaningful manner.
Amazon VPC flow logs integration includes dashboards, visualisations, queries and an index mapping.
Dashboards
Note that the dashboard uses the index alias logs-vpc to shorten the index name.
Loading Integrations via DashboardManagement
To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:
- Download the amazon_vpc_flow-1.1.0.ndjson artifact
- Go to DashboardManagement -> savedObjects
- Once there, select import to load the recently downloaded integration artifact (amazon_vpc_flow-1.1.0.ndjson suffix)
- Open the VPC integration and install
amazon-s3-logs-1.1.0
Amazon S3 Access Logs Integration
Amazon S3 Access Logs schema; see the protocol details.
What is AWS S3 Access Logs?
Amazon S3 (Simple Storage Service) is an object storage service that offers industry-leading scalability, data availability, security, and performance. It is designed to make web-scale computing easier for developers.
Server access logging provides detailed records for the requests that are made to a bucket. Server access logs are useful for many applications. For example, access log information can be useful in security and access audits. This information can also help you learn about your customer base and understand your Amazon S3 bill.
See additional details here.
What is AWS S3 Integration?
An integration is a bundle of pre-canned assets which are brought together in a meaningful manner.
AWS S3 integration includes dashboards, visualizations, queries, and an index mapping.
Dashboards
Note that the dashboard uses the index alias logs-aws-s3 to shorten the index name.
Loading Integrations via DashboardManagement
To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:
- Download the amazon-s3-logs-1.1.0 artifact
- Go to DashboardManagement -> savedObjects
- Once there, select import to load the recently downloaded integration artifact (amazon-s3-logs-1.1.0 suffix)
- Open the S3 access logs integration and install
nginx-1.0.0
Nginx Integration
Nginx Logs schema; see the protocol details.
Nginx Integration
What is Nginx?
NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more.
See additional details here.
What is Nginx Integration?
An integration is a bundle of pre-canned assets that are packaged together in a meaningful manner.
Nginx integration includes dashboards, visualisations, queries and an index mapping.
Dashboard
Loading Integrations via DashboardManagement
To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:
- Download the nginx-1.0.0.ndjson artifact
- Go to DashboardManagement -> savedObjects
- Once there, select import to load the recently downloaded integration artifact (nginx-1.0.0.ndjson suffix)
- Open the nginx integration and install
haproxy-1.0.0
HAProxy Integration
What is HAProxy?
HAProxy is open-source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications.
See additional details here.
What is HAProxy Integration?
An integration is a bundle of pre-canned assets that are packaged together in a meaningful manner.
HAProxy integration includes dashboards, visualisations, queries and an index mapping.
Dashboards
Loading Integrations via DashboardManagement
To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:
- Download the haproxy-1.0.0.ndjson artifact
- Go to DashboardManagement -> savedObjects
- Once there, select import to load the recently downloaded integration artifact (haproxy-1.0.0.ndjson suffix)
- Open the haproxy integration and install
apache-1.0.0
Apache Http Logs Integration
Apache Http Logs schema; see the protocol details.
What is Apache?
Apache is open source web server software for modern operating systems including UNIX and Windows.
See additional details here.
What is Apache Integration?
An integration is a bundle of pre-canned assets that are packaged together in a meaningful manner.
Apache integration includes dashboards, visualisations, queries and an index mapping.
Dashboards
Loading Integrations via DashboardManagement
To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:
- Download the apache-1.0.0.ndjson artifact
- Go to DashboardManagement -> savedObjects
- Once there, select import to load the recently downloaded integration artifact (apache-1.0.0.ndjson suffix)
- Open the apache http logs integration and install
amazon_elb_1.0.0
Amazon ELB Integration
Amazon ELB Logs schema; see the protocol details.
What is AWS ELB?
ELB Access Logs is a data signal that allows you to capture information about requests sent to your load balancer.
Access logs can help with a number of tasks, such as:
- Optimizing performance by showing response and processing times
- Security analysis by monitoring unusual request patterns or user agents
- Understanding traffic patterns and peak loads
While disabled by default, you can enable storing access logs for your load balancer in an AWS S3 bucket.
See additional details here.
What is AWS ELB Access Logs Integration?
An integration is a bundle of pre-canned assets that are packaged together in a meaningful manner.
AWS ELB access logs integration includes dashboards, visualizations, queries, and an index mapping.
Dashboard
Loading Integrations via DashboardManagement
To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:
- Download the amazon_elb-1.0.0.ndjson artifact
- Go to DashboardManagement -> savedObjects
- Once there, select import to load the recently downloaded integration artifact (amazon_elb-1.0.0.ndjson suffix)
- Open the elb integration and install
amazon_cloudfront-1.0.0
Amazon CloudFront Integration
Amazon CloudFront Logs schema; see the protocol details.
AWS CloudFront Integration
What is AWS CloudFront?
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds. CloudFront is integrated with other Amazon Web Services products to give developers and businesses an easy way to distribute content to end-users with low latency and high data transfer speeds.
See additional details here.
What is AWS CloudFront Integration?
An integration is a bundle of pre-canned assets which are brought together in a meaningful manner.
AWS CloudFront integration includes dashboards, visualizations, queries, and an index mapping.
Dashboards
Note that the dashboard uses the index alias logs-aws-cloudfront to shorten the index name.
Loading Integrations via DashboardManagement
To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:
- Download the amazon_cloudfront-1.0.0.ndjson artifact
- Go to DashboardManagement -> savedObjects
- Once there, select import to load the recently downloaded integration artifact (amazon_cloudfront-1.0.0.ndjson suffix)
- Open the cloud front integration and install