New OCSF siem integration #1837

Open: wants to merge 22 commits into base: main

22 commits
0ca5068  update OTEL metrics queries with the correct ss40 metrics schema  (YANG-DB, May 2, 2024)
eba835d  Merge remote-tracking branch 'origin/main' into fix-otel-data-pep-met…  (YANG-DB, May 3, 2024)
2bfd7f6  update OTEL integration with dev console instructions for index templ…  (YANG-DB, May 4, 2024)
71408de  update OTEL integration with details getting started tutorial  (YANG-DB, May 5, 2024)
afa4105  update OTEL integration with details getting started tutorial  (YANG-DB, May 5, 2024)
5282f9a  update OTEL integration with details getting started tutorial  (YANG-DB, May 5, 2024)
f9d474a  update OTEL integration with details getting started tutorial  (YANG-DB, May 5, 2024)
5d066e5  update OTEL integration with details getting started tutorial  (YANG-DB, May 5, 2024)
412077d  update OTEL integration with details getting started tutorial  (YANG-DB, May 6, 2024)
f9df7e7  update OTEL integration with details getting started tutorial  (YANG-DB, May 6, 2024)
3471ee4  update OTEL integration with details getting started tutorial  (YANG-DB, May 7, 2024)
dae71d9  update OTEL integration with details getting started tutorial  (YANG-DB, May 8, 2024)
bae4232  update OTEL integration with details getting started tutorial  (YANG-DB, May 17, 2024)
a40f94c  Merge remote-tracking branch 'origin/main' into update-otel-integration  (YANG-DB, May 17, 2024)
a4f8669  add override field to indicate an asset should keep its original ID i…  (YANG-DB, May 17, 2024)
1f82edd  revert not relevant changes  (YANG-DB, May 17, 2024)
98a4a66  update links  (YANG-DB, May 17, 2024)
93348ee  update otel demo integration  (YANG-DB, May 18, 2024)
49ca00e  update otel demo integration  (YANG-DB, May 18, 2024)
878a5e9  update otel integration metadata  (YANG-DB, May 18, 2024)
d4eaec0  new ocsf siem security integrations  (YANG-DB, May 19, 2024)
73c4b85  new ocsf siem security integrations  (YANG-DB, May 19, 2024)
2 changes: 1 addition & 1 deletion docs/integrations/setup.md
Expand Up @@ -34,4 +34,4 @@ If working on S3-based integrations, it's worth noting that queries have some va
- `{object_name}` used for giving tables a unique name per-integration to avoid collisions.

For some query examples, it can be worth looking at the assets for the
[VPC integration](https://github.com/opensearch-project/dashboards-observability/blob/4e1e0e585/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/README.md).
[VPC integration](https://github.com/opensearch-project/dashboards-observability/blob/main/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/info/README.md).
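Review bot: the replacement link drops the pinned commit (`4e1e0e585`) in favour of `main`, so the example the sentence points readers at can silently move or disappear the next time the repository layout changes, which is exactly what this hunk is already working around (the old path `aws_vpc_flow/assets/README.md` no longer exists and is being replaced by `amazon_vpc_flow/info/README.md`). Suggest keeping a commit-pinned URL for the new path, and confirming that the README under `info/` actually contains the query examples the surrounding sentence promises, since the previous target lived under `assets/`.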
Expand Up @@ -5,7 +5,13 @@
"description": "Analyze access logs for Amazon CloudFront.",
"license": "Apache-2.0",
"type": "logs-aws_cloudfront",
"labels": ["Observability", "Logs", "AWS", "Cloud", "Flint S3"],
"labels": [
"Observability",
"Logs",
"AWS",
"Cloud",
"Flint S3"
],
"author": "OpenSearch",
"sourceUrl": "https://github.com/opensearch-project/dashboards-observability/tree/main/server/adaptors/integrations/__data__/repository/aws_cloudfront/info",
"statics": {
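Review bot: this hunk only re-wraps the `"labels"` array from one line onto six and changes no values, and it lands in the `aws_cloudfront` integration's `config.json` inside a PR titled "New OCSF siem integration". Formatting-only churn in unrelated integrations makes the substantive changes in this PR harder to review; suggest either reverting it or isolating the formatter run in its own commit so the `config.json` diffs that matter (the component lists) can be reviewed on their own.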
Expand Down Expand Up @@ -35,20 +41,208 @@
}
],
"components": [
{
"name": "aws_config",
"version": "1.0.0"
},
{
"name": "aws_clientvpn",
"version": "1.0.0"
},
{
"name": "aws_cloudfront",
"version": "1.0.0"
},
{
"name": "aws_s3",
"name": "aws_cloudhsm",
"version": "1.0.0"
},
{
"name": "aws_cloudtrail",
"version": "1.0.0"
},
{
"name": "aws_elasticache",
"version": "1.0.0"
},
{
"name": "aws_elb",
"version": "1.0.0"
},
{
"name": "aws_guardduty",
"version": "1.0.0"
},
{
"name": "aws_inspector",
"version": "1.0.0"
},
{
"name": "aws_msk",
"version": "1.0.0"
},
{
"name": "aws_networkfirewall",
"version": "1.0.0"
},
{
"name": "aws_opensearch",
"version": "1.0.0"
},
{
"name": "aws_r53resolver",
"version": "1.0.0"
},
{
"name": "aws_rds",
"version": "1.0.0"
},
{
"name": "aws_s3accesslog",
"version": "1.0.0"
},
{
"name": "aws_securityhub",
"version": "1.0.0"
},
{
"name": "aws_trustedadvisor",
"version": "1.0.0"
},
{
"name": "aws_vpcflowlogs",
"version": "1.0.0"
},
{
"name": "aws_waf",
"version": "1.0.0"
},
{
"name": "aws_workspace",
"version": "1.0.0"
},
{
"name": "log_ecs",
"version": "1.0.0"
},
{
"name": "log_linux",
"version": "1.0.0"
},
{
"name": "log_ocsf",
"version": "1.0.0"
},
{
"name": "log_win",
"version": "1.0.0"
},
{
"name": "logs_aws_clientvpc",
"version": "1.0.0"
},
{
"name": "logs_aws_cloudfront",
"version": "1.0.0"
},
{
"name": "logs_aws_cloudhsm",
"version": "1.0.0"
},
{
"name": "logs_aws_cloudtrail",
"version": "1.0.0"
},
{
"name": "logs_aws_config",
"version": "1.0.0"
},
{
"name": "logs_aws_elasticache",
"version": "1.0.0"
},
{
"name": "logs_aws_elb",
"version": "1.0.0"
},
{
"name": "logs_aws_guardduty",
"version": "1.0.0"
},
{
"name": "logs_aws_inspector",
"version": "1.0.0"
},
{
"name": "logs_aws_msk",
"version": "1.0.0"
},
{
"name": "logs_aws_networkfirewall",
"version": "1.0.0"
},
{
"name": "logs_aws_opensearch",
"version": "1.0.0"
},
{
"name": "logs_aws_r53resolver",
"version": "1.0.0"
},
{
"name": "logs_aws_rds",
"version": "1.0.0"
},
{
"name": "logs_aws_s3accesslog",
"version": "1.0.0"
},
{
"name": "logs_aws_securityhub",
"version": "1.0.0"
},
{
"name": "logs_aws_trustedadvisor",
"version": "1.0.0"
},
{
"name": "logs_aws_vpcflowlogs",
"version": "1.0.0"
},
{
"name": "logs_aws_waf",
"version": "1.0.0"
},
{
"name": "logs_aws_workspaces",
"version": "1.0.0"
},
{
"name": "logs_linux",
"version": "1.0.0"
},
{
"name": "logs_ocsf",
"version": "1.0.0"
},
{
"name": "logs_win",
"version": "1.0.0"
},
{
"name": "logs_win_directory_service",
"version": "1.0.0"
},
{
"name": "logs_win_fsx",
"version": "1.0.0"
},
{
"name": "cloud",
"name": "metrics_opensearch",
"version": "1.0.0"
},
{
"name": "logs-aws_cloudfront",
"name": "opensearch",
"version": "1.0.0"
}
],
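Review bot: this hunk replaces the three components the CloudFront integration previously declared (`aws_s3`, `cloud` and `logs-aws_cloudfront`, visible as the dropped lines paired with `aws_cloudhsm`, `metrics_opensearch` and `opensearch`) with 51 entries covering every AWS service in the repository plus Linux, Windows, OCSF and OpenSearch metrics, which looks like a shared list pasted into a per-integration file rather than a list of what this integration uses. Three things to fix before merge: keep the component list scoped to CloudFront (the file's own `"type": "logs-aws_cloudfront"` still refers to the component this hunk removes); confirm that every name listed resolves to a real component asset in the repository, since `aws_clientvpn` next to `logs_aws_clientvpc` and `aws_workspace` next to `logs_aws_workspaces` read like inconsistent spellings of the same thing; and if the OCSF components (`log_ocsf`, `logs_ocsf`) are genuinely meant to be shared, put them in the new OCSF integration's own `config.json` rather than in every existing integration.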
Expand All @@ -64,28 +258,36 @@
"version": "1.0.0",
"extension": "sql",
"type": "query",
"workflows": ["queries"]
"workflows": [
"queries"
]
},
{
"name": "example_queries",
"version": "1.0.0",
"extension": "ndjson",
"type": "savedObjectBundle",
"workflows": ["queries"]
"workflows": [
"queries"
]
},
{
"name": "create_mv",
"version": "1.0.0",
"extension": "sql",
"type": "query",
"workflows": ["dashboards"]
"workflows": [
"dashboards"
]
},
{
"name": "aws_cloudfront",
"version": "1.0.0",
"extension": "ndjson",
"type": "savedObjectBundle",
"workflows": ["dashboards"]
"workflows": [
"dashboards"
]
}
],
"sampleData": {
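Review bot: all four changes in this hunk expand a one-line `"workflows"` array to three lines without changing its contents, the same formatter-only churn as in the `"labels"` hunk above. Suggest reverting these whitespace changes in `aws_cloudfront/config.json` so the PR's diff shows only the component-list change, which is the part that needs a careful look.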