Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Amazon Security Lake] - OCSF v1.1 update with major refactor & adding support for dynamic template and mappings & system tests #10405

Merged
merged 40 commits into from
Oct 23, 2024
Merged

[Amazon Security Lake] - OCSF v1.1 update with major refactor & adding support for dynamic template and mappings & system tests #10405

merged 40 commits into from
Oct 23, 2024
+34,099 −20,744

Commits on Jun 7, 2024

  1. added support for new user inventory info event class and updated inc… 

    …omplete mappings
    @ShourieG
    ShourieG committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    66c9372 View commit details
    Browse the repository at this point in the history

Commits on Jun 13, 2024

  1. trying to make a working system test

    @ShourieG
    ShourieG committed Jun 13, 2024
    Configuration menu
    Copy the full SHA
    fb78670 View commit details
    Browse the repository at this point in the history

Commits on Jun 17, 2024

  1. merged with upstream

    @ShourieG
    ShourieG committed Jun 17, 2024
    Configuration menu
    Copy the full SHA
    3902a02 View commit details
    Browse the repository at this point in the history

Commits on Jun 21, 2024

  1. initial working system tests added pending elastic-package changes to… 

    … detect rerouted datastreams
    @ShourieG
    ShourieG committed Jun 21, 2024
    Configuration menu
    Copy the full SHA
    6bec44b View commit details
    Browse the repository at this point in the history

Commits on Jul 2, 2024

  1. merged with upstream/main

    @ShourieG
    ShourieG committed Jul 2, 2024
    Configuration menu
    Copy the full SHA
    64f285b View commit details
    Browse the repository at this point in the history

Commits on Jul 10, 2024

  1. test commit to be reverted

    @ShourieG
    ShourieG committed Jul 10, 2024
    Configuration menu
    Copy the full SHA
    118b2d2 View commit details
    Browse the repository at this point in the history

Commits on Jul 12, 2024

  1. initial working test for dynamic template

    @ShourieG
    ShourieG committed Jul 12, 2024
    Configuration menu
    Copy the full SHA
    185e2f9 View commit details
    Browse the repository at this point in the history

  2. updated root org templates

    @ShourieG
    ShourieG committed Jul 12, 2024
    Configuration menu
    Copy the full SHA
    f784e75 View commit details
    Browse the repository at this point in the history

  3. reworked 'org' object mapping as tynamic template for all data streams

    @ShourieG
    ShourieG committed Jul 12, 2024
    Configuration menu
    Copy the full SHA
    4282225 View commit details
    Browse the repository at this point in the history

Commits on Jul 23, 2024

  1. Merge branch 'main' into security_lake/ocsf_1.1

    @ShourieG
    ShourieG committed Jul 23, 2024
    Configuration menu
    Copy the full SHA
    e2f8457 View commit details
    Browse the repository at this point in the history

Commits on Jul 30, 2024

  1. Merge remote-tracking branch 'upstream/main' into security_lake/ocsf_1.1

    @ShourieG
    ShourieG committed Jul 30, 2024
    Configuration menu
    Copy the full SHA
    d4788f4 View commit details
    Browse the repository at this point in the history

  2. segregated process fields in 'findings', added 'actor' fields for new… 

    … class support, ignore _dev folder
    @ShourieG
    ShourieG committed Jul 30, 2024
    Configuration menu
    Copy the full SHA
    32ed102 View commit details
    Browse the repository at this point in the history

  3. added fulnerability findings support and segregated 'resource' group … 

    …into it's own file
    @ShourieG
    ShourieG committed Jul 30, 2024
    Configuration menu
    Copy the full SHA
    78c1ea2 View commit details
    Browse the repository at this point in the history

  4. Merge remote-tracking branch 'upstream/main' into security_lake/ocsf_1.1

    @ShourieG
    ShourieG committed Jul 30, 2024
    Configuration menu
    Copy the full SHA
    0656284 View commit details
    Browse the repository at this point in the history

Commits on Aug 1, 2024

  1. added ntp activity event class, deprecated proxy event class, aded pr… 

    …oxy_endpoint field, uupdated network activity class and segregated endpoint event mappings into separate files across all data streams. updated ocsf object as necessary across respective data streams
    @ShourieG
    ShourieG committed Aug 1, 2024
    Configuration menu
    Copy the full SHA
    8f7122d View commit details
    Browse the repository at this point in the history

Commits on Aug 2, 2024

  1. added os patch state event class, segregated device fields across all… 

    … data streams, added new fields to support newly added event class
    @ShourieG
    ShourieG committed Aug 2, 2024
    Configuration menu
    Copy the full SHA
    5352aac View commit details
    Browse the repository at this point in the history

Commits on Aug 6, 2024

  1. added datastore activity event class, segregated actor, user & metada… 

    …ta fields across all data streams, flattened ldap fields in event data stream to make room for more fields
    @ShourieG
    ShourieG committed Aug 6, 2024
    Configuration menu
    Copy the full SHA
    ac66e6e View commit details
    Browse the repository at this point in the history

  2. added support for detection finding event class, segregated and mappe… 

    …d finding_info in findings data stream
    @ShourieG
    ShourieG committed Aug 6, 2024
    Configuration menu
    Copy the full SHA
    73b7be8 View commit details
    Browse the repository at this point in the history

Commits on Aug 7, 2024

  1. added support of compliance finding event class, segregated and updat… 

    …ed resources object group, added new objects as required
    @ShourieG
    ShourieG committed Aug 7, 2024
    Configuration menu
    Copy the full SHA
    1236584 View commit details
    Browse the repository at this point in the history

  2. segregated and expanded api object across all data streams, added sup… 

    …port for incitent findings event class
    @ShourieG
    ShourieG committed Aug 7, 2024
    Configuration menu
    Copy the full SHA
    03b5099 View commit details
    Browse the repository at this point in the history

Commits on Aug 8, 2024

  1. added support for Device Config State Change event class, updated sch… 

    …ema version in comment and dashboard links to 1.1.0
    @ShourieG
    ShourieG committed Aug 8, 2024
    Configuration menu
    Copy the full SHA
    e99119c View commit details
    Browse the repository at this point in the history

  2. added support for scan activity event class

    @ShourieG
    ShourieG committed Aug 8, 2024
    Configuration menu
    Copy the full SHA
    7e5f687 View commit details
    Browse the repository at this point in the history

  3. segregated file fields across required data streams, added support fo… 

    …r file hosting activity class
    @ShourieG
    ShourieG committed Aug 8, 2024
    Configuration menu
    Copy the full SHA
    516b63b View commit details
    Browse the repository at this point in the history

  4. added cwe & epss objects as flattened to cve object

    @ShourieG
    ShourieG committed Aug 8, 2024
    Configuration menu
    Copy the full SHA
    bf779a5 View commit details
    Browse the repository at this point in the history

  5. converted feature object to follow dynamic mapping rules across all d… 

    …ata streams
    @ShourieG
    ShourieG committed Aug 8, 2024
    Configuration menu
    Copy the full SHA
    97459f5 View commit details
    Browse the repository at this point in the history

  6. added firewall rule object to respective event categories

    @ShourieG
    ShourieG committed Aug 8, 2024
    Configuration menu
    Copy the full SHA
    bb88d57 View commit details
    Browse the repository at this point in the history

Commits on Aug 9, 2024

  1. added some missing fields after locally running system tests for disc… 

    …overy datastream
    @ShourieG
    ShourieG committed Aug 9, 2024
    Configuration menu
    Copy the full SHA
    f0fdc32 View commit details
    Browse the repository at this point in the history

  2. reworked terrform deployer to support multi-bucket based system tests

    @ShourieG
    ShourieG committed Aug 9, 2024
    Configuration menu
    Copy the full SHA
    0b356dc View commit details
    Browse the repository at this point in the history

  3. updated docs and changelog

    @ShourieG
    ShourieG committed Aug 9, 2024
    Configuration menu
    Copy the full SHA
    19ffbf7 View commit details
    Browse the repository at this point in the history

Commits on Aug 13, 2024

  1. fixed timestamp issues across all data streams, added all system test… 

    …s and updated missing mappings accorgingly
    @ShourieG
    ShourieG committed Aug 13, 2024
    Configuration menu
    Copy the full SHA
    dd90df2 View commit details
    Browse the repository at this point in the history

Commits on Aug 14, 2024

  1. resolved merge conflicts

    @ShourieG
    ShourieG committed Aug 14, 2024
    Configuration menu
    Copy the full SHA
    360c3d8 View commit details
    Browse the repository at this point in the history

Commits on Aug 19, 2024

  1. resolved merge conflicts

    @ShourieG
    ShourieG committed Aug 19, 2024
    Configuration menu
    Copy the full SHA
    2b1250d View commit details
    Browse the repository at this point in the history

  2. removed system test configs until respective elastic-package changes … 

    …are implemented
    @ShourieG
    ShourieG committed Aug 19, 2024
    Configuration menu
    Copy the full SHA
    2261431 View commit details
    Browse the repository at this point in the history

Commits on Aug 26, 2024

  1. updated with main, resolved merge conflicts

    @ShourieG
    ShourieG committed Aug 26, 2024
    Configuration menu
    Copy the full SHA
    5794401 View commit details
    Browse the repository at this point in the history

Commits on Aug 29, 2024

  1. Merge remote-tracking branch 'upstream/main' into security_lake/ocsf_1.1

    @ShourieG
    ShourieG committed Aug 29, 2024
    Configuration menu
    Copy the full SHA
    6e5bc7c View commit details
    Browse the repository at this point in the history

Commits on Oct 21, 2024

  1. Merge remote-tracking branch 'upstream/main' into security_lake/ocsf_1.1

    @ShourieG
    ShourieG committed Oct 21, 2024
    Configuration menu
    Copy the full SHA
    c204d18 View commit details
    Browse the repository at this point in the history

  2. updated docs, optimised timestamp conversion logic and changed *.type… 

    …_id from integer to keyword
    @ShourieG
    ShourieG committed Oct 21, 2024
    Configuration menu
    Copy the full SHA
    14bb1a5 View commit details
    Browse the repository at this point in the history

  3. changed algorithm_id from integer to keyword type mapping

    @ShourieG
    ShourieG committed Oct 21, 2024
    Configuration menu
    Copy the full SHA
    3ec9e28 View commit details
    Browse the repository at this point in the history

  4. updated state_id mappings from integer to keyword

    @ShourieG
    ShourieG committed Oct 21, 2024
    Configuration menu
    Copy the full SHA
    06209ba View commit details
    Browse the repository at this point in the history

Commits on Oct 23, 2024

  1. addressed PR comments and updated pipelines, file names and field map… 

    …pings accordingly
    @ShourieG
    ShourieG committed Oct 23, 2024
    Configuration menu
    Copy the full SHA
    69b2f19 View commit details
    Browse the repository at this point in the history