[Meta] Security Analytics Custom Log Types support #459

Closed

petardz opened this issue Jun 7, 2023 · 4 comments
Labels: enhancement (New feature or request), v2.10.0

@petardz (Contributor)

petardz commented Jun 7, 2023

linked issue #447

Tasks:

1. Define a new LogType (JSON) structure which holds the log type's name, description and field mappings. For pre-packaged rules there should be a set of files (1 file per log type) stored on disk. On Security Analytics startup, load these files into the system index `.opensearch-sap-log-types-config`.

2. User-defined (Custom) log types. Provide a CRUD API for users to define their own custom log types. A custom log type will be defined by the new LogType structure defined in the first task and stored in the `.opensearch-sap-log-types-config` index. Replace the DetectorType enum with a class which loads detector types (log types) from `.opensearch-sap-log-types-config`.

3. Modify the existing Mappings APIs to utilize the new JSON structure defined in the first task, instead of mapping.json files.

4. Implement auto-detection of the mapping schema (ECS, OCSF) used in a log index.
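
As an added illustration of tasks 1 and 4 (this is not code from the Security Analytics plugin; the LogType field names, the document shape stored in `.opensearch-sap-log-types-config`, and the small ECS/OCSF marker-field sets are assumptions), the Python sketch below validates a user-submitted custom log type before it would be written to the system index and guesses which schema an index mapping follows:

```python
import re

# Constructed example of the LogType JSON shape sketched in task 1 (field names assumed).
SAMPLE_LOG_TYPE = {
    "name": "custom_proxy",
    "description": "Reverse proxy access logs (constructed sample)",
    "field_mappings": [
        {"raw_field": "client_addr", "ecs": "source.ip", "ocsf": "src_endpoint.ip"},
        {"raw_field": "req_ts", "ecs": "@timestamp", "ocsf": "time"},
    ],
}
# Small subsets of well-known ECS and OCSF field names, used as evidence for task 4.
ECS_MARKERS = {"@timestamp", "event.action", "source.ip", "destination.ip", "host.name"}
OCSF_MARKERS = {"class_uid", "category_uid", "activity_id", "time", "metadata.product"}

def validate_log_type(doc: dict) -> list[str]:
    """Check a user-submitted log type before it reaches the system index; [] means OK."""
    errors = []
    if not isinstance(doc.get("name"), str) or not re.fullmatch(r"[a-z0-9_-]{1,64}", doc["name"]):
        errors.append("name must be 1-64 characters of [a-z0-9_-]")
    if not isinstance(doc.get("description"), str):
        errors.append("description must be a string")
    mappings = doc.get("field_mappings")
    if not isinstance(mappings, list) or not mappings:
        errors.append("field_mappings must be a non-empty list")
        return errors
    raws = [m.get("raw_field") if isinstance(m, dict) else None for m in mappings]
    if not all(isinstance(r, str) and r for r in raws):
        errors.append("each mapping needs a non-empty raw_field")
    elif len(set(raws)) != len(raws):
        errors.append("raw_field values must be unique")
    return errors

def flatten_mapping(properties: dict, prefix: str = "") -> set[str]:
    """Flatten an index mapping's nested 'properties' into dotted field names."""
    names = set()
    for field, spec in properties.items():
        names.add(prefix + field)
        if isinstance(spec, dict) and isinstance(spec.get("properties"), dict):
            names |= flatten_mapping(spec["properties"], prefix + field + ".")
    return names

def detect_schema(mapping: dict) -> str:
    """Guess ECS vs OCSF for an index by counting marker fields present in its mapping."""
    fields = flatten_mapping(mapping.get("properties", {}))
    ecs_hits, ocsf_hits = len(fields & ECS_MARKERS), len(fields & OCSF_MARKERS)
    if ecs_hits == ocsf_hits:
        return "unknown"  # no evidence or a tie: fall back to an explicit mapping
    return "ecs" if ecs_hits > ocsf_hits else "ocsf"
```

The validation step matters because custom log types are user input that ends up in a system index and is later used to resolve rule field names, so rejecting malformed names and duplicate mappings up front keeps bad definitions out of the detector pipeline.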

@petardz petardz added enhancement New feature or request untriaged labels Jun 7, 2023
@sbcd90 sbcd90 mentioned this issue Jul 11, 2023
@getsaurabh02 getsaurabh02 changed the title [Meta] Security Analytics OCSF integration & Custom Log Types support [Meta] Security Analytics Custom Log Types support Jul 13, 2023
@getsaurabh02 (Member)

We already merged the OCSF integration as part of #447
We will focus on Custom Log Type in 2.10

@sandervandegeijn

Full ECS support would be nice as well. When trying to load the whole ECS schema component templates a couple of weeks ago, OpenSearch didn't support a couple of field types.

@DarshitChanpura (Member)

@getsaurabh02 Should this be marked for 2.11?

@amsiglan (Collaborator)

Added support for custom log types in 2.10
