
Releases: opensearch-project/opensearch-catalog

aws_waf-1.0.0

27 May 19:12
0f0e7e9

AWS WAF Integration

AWS WAF Logs schema, see protocol details.

What is AWS WAF?

AWS WAF (Web Application Firewall) is a web application firewall service that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF provides firewall rules to filter and monitor HTTP/HTTPS requests based on specific conditions.

AWS WAF can be used for various purposes, such as:

  • Mitigating web application layer DDoS attacks
  • Blocking common web attack patterns like SQL injection and cross-site scripting (XSS)
  • Filtering traffic based on IP addresses or geographic locations
  • Controlling access to specific parts of your application

AWS WAF allows you to define rules to match specific conditions and then take actions, such as allowing, blocking, or rate-limiting requests, based on those rules.

See additional details here.

What is AWS WAF Log Integration?

An integration is a set of pre-configured assets bundled together to facilitate monitoring and analysis.

AWS WAF log integration includes dashboards, visualizations, queries, and an index mapping.

Dashboard


Loading Integrations via DashboardManagement

To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:

  1. Download the amazon_waf-1.0.0.ndjson artifact

  2. Go to DashboardManagement -> savedObjects

  3. Once there, select import to load the recently downloaded integration artifact (amazon_waf-1.0.0.ndjson suffix)

  4. Open the waf integration and install

aws_cloudtrail_1.1.0

22 May 20:06
0f0e7e9

AWS CloudTrail Logs Integration

Minor fix for the Amazon Log Integration for Flint Version 1.1.0:

  • Fix skipping index related issue
  • Update table creation statement according to Athena DDL Statement
  • See related Athena S3 setup tutorial

AWS CloudTrail Log Integration

What is AWS CloudTrail?

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.

CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.

CloudTrail can be used for a number of tasks, such as:

  • Simplifying compliance auditing
  • Tracking changes to AWS resources
  • Troubleshooting operational issues
  • Identifying unwanted actions or unexpected patterns in behavior

CloudTrail's event log data is delivered to an S3 bucket, and does not affect network throughput or latency. You can create or delete CloudTrail logs without any risk of impact to system performance.

See additional details here.

What is AWS CloudTrail Log Integration?

An integration is a set of pre-configured assets which are bundled together in a meaningful manner.

AWS CloudTrail log integration includes dashboards, visualizations, queries, and an index mapping.

Dashboards

Note that the dashboard uses the index alias logs-cloudtrail to shorten the index name.

Dashboard


Loading Integrations via DashboardManagement

To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:

  1. Download the amazon_cloud-trail-1.1.0.ndjson artifact

  2. Go to DashboardManagement -> savedObjects

  3. Once there, select import to load the recently downloaded integration artifact (amazon_cloud-trail-1.1.0.ndjson suffix)

  4. Open the CloudTrail integration and install

amazon_vpc_flow_ocsf_1.0.0

22 May 05:30
fd69ae3

Amazon VPC Flow Logs Integration (Security Lake Format 1.0 OCSF)

  • See about VPC flow logs working with Security Lake
  • OCSF GitHub

Minor fix for the VPC Flow Log Integration for Flint Version 1.0.0 (OCSF):

  • Fix skipping index related issue
  • Fix table definition from JSON to Parquet to match the VPC log based producer protocol

What is Amazon VPC Flow Logs?

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.

Flow logs can help you with a number of tasks, such as:

  • Diagnosing overly restrictive security group rules

  • Monitoring the traffic that is reaching your instance

  • Determining the direction of the traffic to and from the network interfaces

Flow log data is collected outside of the path of your network traffic, and therefore does not affect network throughput or latency. You can create or delete flow logs without any risk of impact to network performance.

  • See additional Amazon Logs info details here.
  • Flint S3 VPC integration Readme

What is Amazon VPC Flow Logs Integration?

An integration is a bundle of pre-canned assets which are bundled together in a meaningful manner.

Amazon VPC flow logs integration includes dashboards, visualisations, queries and an index mapping.

Dashboards

Note that the dashboard uses the index alias logs-vpc to shorten the index name.


Loading Integrations via DashboardManagement

To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:

  1. Download the amazon_vpc_flow-1.1.0.ndjson artifact

  2. Go to DashboardManagement -> savedObjects

  3. Once there, select import to load the recently downloaded integration artifact (amazon_vpc_flow-1.1.0.ndjson suffix)

  4. Open the VPC integration and install

amazon_vpc_flow_1.1.0

24 May 17:29
1066da7

Amazon VPC Flow Logs Integration (VPC file format)

VPC flow based on the 1.1 specification for the VPC Parquet-based format.
See protocol details.

What is Amazon VPC Flow Logs?

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.

Flow logs can help you with a number of tasks, such as:

  • Diagnosing overly restrictive security group rules

  • Monitoring the traffic that is reaching your instance

  • Determining the direction of the traffic to and from the network interfaces

Flow log data is collected outside of the path of your network traffic, and therefore does not affect network throughput or latency. You can create or delete flow logs without any risk of impact to network performance.

  • See additional Amazon Logs info details here.
  • Flint S3 VPC integration Readme

What is Amazon VPC Flow Logs Integration?

An integration is a bundle of pre-canned assets which are bundled together in a meaningful manner.

Amazon VPC flow logs integration includes dashboards, visualisations, queries and an index mapping.

Dashboards

Note that the dashboard uses the index alias logs-vpc to shorten the index name.


Loading Integrations via DashboardManagement

To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:

  1. Download the amazon_vpc_flow-1.1.0.ndjson artifact

  2. Go to DashboardManagement -> savedObjects

  3. Once there, select import to load the recently downloaded integration artifact (amazon_vpc_flow-1.1.0.ndjson suffix)

  4. Open the VPC integration and install

amazon-s3-logs-1.1.0

27 May 18:59
d66141e

Amazon S3 Access Logs Integration

Amazon S3 Access Logs schema, see protocol details.

What is AWS S3 Access Logs?

Amazon S3 (Simple Storage Service) is an object storage service that offers industry-leading scalability, data availability, security, and performance. It is designed to make web-scale computing easier for developers.

Server access logging provides detailed records for the requests that are made to a bucket. Server access logs are useful for many applications. For example, access log information can be useful in security and access audits. This information can also help you learn about your customer base and understand your Amazon S3 bill.

See additional details here.

What is AWS S3 Integration?

An integration is a bundle of pre-canned assets which are brought together in a meaningful manner.

AWS S3 integration includes dashboards, visualizations, queries, and an index mapping.

Dashboards

Note that the dashboard uses the index alias logs-aws-s3 to shorten the index name.

AWS S3 Dashboard


Loading Integrations via DashboardManagement

To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:

  1. Download the amazon-s3-logs-1.1.0 artifact

  2. Go to DashboardManagement -> savedObjects

  3. Once there, select import to load the recently downloaded integration artifact (amazon-s3-logs-1.1.0 suffix)

  4. Open the S3 access logs integration and install

nginx-1.0.0

27 May 19:15
40dd4e6

Nginx Integration

Nginx Logs schema, see protocol details.

What is Nginx?

NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more.

See additional details here.

What is Nginx Integration?

An integration is a bundle of pre-canned assets which are bundled together in a meaningful manner.

Nginx integration includes dashboards, visualisations, queries and an index mapping.

Dashboard


Loading Integrations via DashboardManagement

To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:

  1. Download the nginx-1.0.0.ndjson artifact

  2. Go to DashboardManagement -> savedObjects

  3. Once there, select import to load the recently downloaded integration artifact (nginx-1.0.0.ndjson suffix)

  4. Open the nginx integration and install

haproxy-1.0.0

27 May 19:21
40dd4e6

HAProxy Integration

What is HAProxy?

HAProxy is open-source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications.

See additional details here.

What is HAProxy Integration?

An integration is a bundle of pre-canned assets that are packaged together in a meaningful manner.
HAProxy integration includes dashboards, visualisations, queries and an index mapping.

Dashboards


Loading Integrations via DashboardManagement

To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:

  1. Download the haproxy-1.0.0.ndjson artifact

  2. Go to DashboardManagement -> savedObjects

  3. Once there, select import to load the recently downloaded integration artifact (haproxy-1.0.0.ndjson suffix)

  4. Open the haproxy integration and install

apache-1.0.0

27 May 19:08
40dd4e6

Apache HTTP Logs Integration

Apache HTTP Logs schema, see protocol details.

What is Apache?

Apache is an open source web server software for modern operating systems including UNIX and Windows.

See additional details here.

What is Apache Integration?

An integration is a bundle of pre-canned assets which are bundled together in a meaningful manner.

Apache integration includes dashboards, visualisations, queries and an index mapping.

Dashboards

Loading Integrations via DashboardManagement

To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:

  1. Download the apache-1.0.0.ndjson artifact

  2. Go to DashboardManagement -> savedObjects

  3. Once there, select import to load the recently downloaded integration artifact (apache-1.0.0.ndjson suffix)

  4. Open the apache http logs integration and install

amazon_elb_1.0.0

27 May 18:54
e495181

Amazon ELB Integration

Amazon ELB Logs schema, see protocol details.

What is AWS ELB?

ELB Access Logs is a data signal that allows you to capture information about requests sent to your load balancer.

Access logs can help with a number of tasks, such as:

  • Optimizing performance by showing response and processing times

  • Security analysis by monitoring unusual request patterns or user agents

  • Understanding traffic patterns and peak loads

While disabled by default, you can enable storing access logs for your load balancer in an AWS S3 bucket.

See additional details here.

What is AWS ELB Access Logs Integration?

An integration is a bundle of pre-canned assets which are bundled together in a meaningful manner.

AWS ELB access logs integration includes dashboards, visualizations, queries, and an index mapping.

Dashboard


Loading Integrations via DashboardManagement

To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:

  1. Download the amazon_elb-1.0.0.ndjson artifact

  2. Go to DashboardManagement -> savedObjects

  3. Once there, select import to load the recently downloaded integration artifact (amazon_elb-1.0.0.ndjson suffix)

  4. Open the elb integration and install

amazon_cloudfront-1.0.0

27 May 18:40
bae15c8

Amazon CloudFront Integration

Amazon CloudFront Logs schema, see protocol details.

AWS CloudFront Integration

What is AWS CloudFront?

Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds. CloudFront is integrated with other Amazon Web Services products to give developers and businesses an easy way to distribute content to end-users with low latency and high data transfer speeds.

See additional details here.

What is AWS CloudFront Integration?

An integration is a bundle of pre-canned assets which are brought together in a meaningful manner.

AWS CloudFront integration includes dashboards, visualizations, queries, and an index mapping.

Dashboards

Note that the dashboard uses the index alias logs-aws-cloudfront to shorten the index name.

AWS CloudFront Dashboard


Loading Integrations via DashboardManagement

To update an integration template, navigate to DashboardManagement, select savedObjects, and import the new artifact:

  1. Download the amazon_cloudfront-1.0.0.ndjson artifact

  2. Go to DashboardManagement -> savedObjects

  3. Once there, select import to load the recently downloaded integration artifact (amazon_cloudfront-1.0.0.ndjson suffix)

  4. Open the cloud front integration and install