[Meta][Amazon Security Lake] Supporting OCSF v1.1 #9607
Labels
8.15 candidate
enhancement
New feature or request
Epic
Integration:amazon_security_lake
Amazon Security Lake
meta
Team:Security-Service Integrations
Security Service Integrations Team [elastic/security-service-integrations]
Our current Amazon Security Lake supports OCSF v1.0, which was the latest version of the schema when we initially shipped the integration. The OCSF schema has evolved since, and is now at v1.1.
Our Security Lake pipelines need to be adjusted to ensure we're inline with v1.1, including new event classes, objects and categories. Backward compatibility is not a significant concern in this case, as an example our security findings pipeline can be deprecated, as security findings were deprecated in OCSF v1.1. Related dashboards will also need to be removed, and new ones added to account for new classes introduced in v1.1
Once we have updated pipelines to support the latest OCSF version, we'll create an issue to build a generic OCSF to ECS package, for users who would like to ingest OCSF formatted data outside of Security Lake.
For a full list of v1.1 changes we need to adhere to, please see here: https://github.com/ocsf/ocsf-schema/blob/main/CHANGELOG.md#v110---january-25th-2024
Update: OCSF v1.2 is now available - https://github.com/ocsf/ocsf-schema/blob/main/CHANGELOG.md#v120---april-23rd-2024 - will let @ShourieG decide if we make the necessary changes for both 1.1 and 1.2 in this issue, or create a separate isseu for v1.2
Tasks
The text was updated successfully, but these errors were encountered: