Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Amazon security lake source integration #204

Closed
6 tasks done
havidarou opened this issue Apr 12, 2024 · 0 comments
Closed
6 tasks done

Amazon security lake source integration #204

havidarou opened this issue Apr 12, 2024 · 0 comments
Labels

Comments

@havidarou
Copy link
Member

havidarou commented Apr 12, 2024

Description

We want to move the 3rd party integrations materials to the indexer repository, including the courtesy dashboards generated for them. This will allow us to manage these integrations from the source of the events.

We think wazuh-indexer is the appropriate place for these integrations, as the event source will be wazuh-indexer in most cases. Also, for 5.0 we might remove the support for the integrations which use the manager as the event source.

We want to create a new integration for Amazon Security Lake which should be released in 4.9.0. This will be a source type integration, following the AWS notation for the integrations, as we already did an integration of the subscriber type in wazuh/wazuh#16362.

Functional requirements

  • As a user, I can integrate Wazuh with AWS Security Lake as a source.
  • As a user, I can explore Wazuh events from the AWS Security Lake recommended tools (security lake queries, etc.).
  • As a user, I can search the AWS marketplace for source integrations and find Wazuh.
  • As a user, I have access to a guide on how to integrate Wazuh with Security Lake as a source.

Non-functional requirements

  • Our integration complies with all the AWS requirements as stated in their documentation.
  • Our integrations will map only essential fields from Wazuh to OCFS.

Implementation restrictions

Plan

  • Update and move current integrations to wazuh-indexer
  • Study existing third-party integrations for Amazon Security Lake.
  • Create a new study focused on source-type integrations only.
    • Study requirements for Wazuh integration as a source.
    • Study good practices and optimization tips.
  • Represent security events in OCSF.
  • Decode OCSF events using Apache Parquet format.
  • Implement integration.
  • Test integration.
  • Technical documentation and user manual.
  • E2E UX test. @wazuh/qa

Issues

Approved by

DRI name: @AlexRuiz7

@havidarou havidarou added level/task Task issue type/enhancement Enhancement issue level/objective and removed level/task Task issue labels Apr 12, 2024
@wazuhci wazuhci moved this to In progress in Release 4.9.0 Apr 12, 2024
@wazuhci wazuhci added this to Roadmap Apr 12, 2024
@wazuhci wazuhci moved this to In Progress in Roadmap Apr 12, 2024
@wazuhci wazuhci moved this from In progress to On hold in Release 4.9.0 May 16, 2024
@github-project-automation github-project-automation bot moved this from In progress to Done in Roadmap Jun 3, 2024
@wazuhci wazuhci moved this from On hold to Done in Release 4.9.0 Jun 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Status: Done
Status: Done
Development

No branches or pull requests

2 participants