[Amazon Security Lake] Add support for new objects and event classes, profiles and update schemas accordingly #10740

Closed
Tracked by #9607
ShourieG opened this issue Aug 8, 2024 · 1 comment · Fixed by #10405
Labels: enhancement (New feature or request), Integration:amazon_security_lake (Amazon Security Lake), integration (Label used for meta issues tracking each integration), Team:Security-Service Integrations (Security Service Integrations Team [elastic/security-service-integrations])

ShourieG commented Aug 8, 2024

Add support for the following Event Classes, Objects & Profiles:

Event Classes

  1. User Inventory Info event class.
  2. Vulnerability Finding event class.
  3. NTP Activity event class
  4. OS Patch State event class.
  5. Datastore Activity event class 6005.
  6. Detection Finding event class.
  7. Incident Finding event class.
  8. Device Config State Change event class.
  9. Scan Activity event class.
  10. File Hosting Activity event class.
  11. Compliance Finding event class.

Profiles

  1. Network Proxy Profile for the Network Activity and Application Activity classes.
  2. Load Balancer Profile for the Network Activity classes.

Objects

  1. New cwe object to cve and vulnerability objects.
  2. Firewall Rule object.
  3. New kb_article object to house Knowledgebase Article info.
  4. New epss object to the cve object.

Meta issue #9607 for context.

@ShourieG ShourieG changed the title [Amazon Security Lake] Add support for new objects and event classes and update schemas accordingly [Amazon Security Lake] Add support for new objects and event classes, profiles and update schemas accordingly Aug 8, 2024
@ShourieG ShourieG self-assigned this Aug 9, 2024
@ShourieG ShourieG added the Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations] label Aug 9, 2024
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@ShourieG ShourieG added integration Label used for meta issues tracking each integration enhancement New feature or request labels Aug 9, 2024
@andrewkroh andrewkroh added the Integration:amazon_security_lake Amazon Security Lake label Aug 14, 2024