Amazon Security Lake integration - Fix Detection Finding mapping #219

Closed · 2 tasks done
AlexRuiz7 opened this issue Apr 26, 2024 · 0 comments · Fixed by #220

Labels: level/task Task issue, type/bug Bug issue

Comments

AlexRuiz7 (Member) commented Apr 26, 2024

Description

Related issue: #128

During the testing of #217, I've found out that our mapping to the Detection Finding class of OCSF has some small problems that we need to fix, as it does not comply with the OCSF class schema.

Here's an example:

(.venv) @alex-GL66 ➜ amazon-security-lake-ocsf-validation git:(main) ✗ python validate.py -i parquet/
ATTEMPTING TO VALIDATE FILE: ext_wazuh_region=us-east-1_accountId=111111111111_eventDay=20240426_16c8c6c68f4845949f41ea1d6098913f.parquet
INVALID OCSF.
INVALID OCSF.
INVALID OCSF.
INVALID OCSF.
INVALID OCSF.
Sending verbose output to: /home/alex/wazuh/amazon-security-lake-ocsf-validation/output.txt

Check the output file for details. For example, ['finding_info']['attacks'] is an object, while it should be an array of objects.

output.txt

Tasks

  • Convert time from string to integer (epoch)
  • Convert ['finding_info']['attacks'] to a list of AttackInfo objects
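The two fixes listed in the tasks, as an added example that is not the Wazuh integration's own code nor the fix merged in #220: a small normalizer that turns `time` into an integer epoch timestamp and wraps a single `finding_info.attacks` object in a list, plus a check that reproduces the validator's complaint before and after. The sample record is constructed for this example; the field names follow OCSF, and the epoch unit is milliseconds because that is how OCSF defines `timestamp_t`. The function names (`to_epoch_ms`, `to_attack_list`, `schema_problems`, `normalize_finding`) are this example's own, not the project's.

```python
from copy import deepcopy
from datetime import datetime, timezone

# Constructed sample in the broken shape the issue describes: `time` is an
# ISO-8601 string and `finding_info.attacks` is one object instead of a list.
SAMPLE_FINDING = {
    "class_uid": 2004,
    "time": "2024-04-26T10:15:30.123Z",
    "finding_info": {
        "title": "Constructed sample rule",
        "attacks": {
            "tactic": {"name": "Defense Evasion", "uid": "TA0005"},
            "technique": {"name": "Rootkit", "uid": "T1014"},
            "version": "v14.1",
        },
    },
}


def to_epoch_ms(value):
    """Return `value` as an integer epoch timestamp in milliseconds (OCSF
    timestamp_t). Integers and digit-only strings are assumed to already be
    epoch milliseconds; ISO-8601 strings are parsed, with a trailing 'Z' or no
    offset treated as UTC. Anything else raises rather than emitting an
    invalid field silently."""
    if isinstance(value, bool):
        raise ValueError("boolean is not a timestamp")
    if isinstance(value, int):
        return value
    if isinstance(value, float):
        return int(value)
    if isinstance(value, str):
        s = value.strip()
        if s.isdigit():
            return int(s)
        dt = datetime.fromisoformat(s.replace("Z", "+00:00"))
        if dt.tzinfo is None:
            dt = dt.replace(tzinfo=timezone.utc)
        # Integer arithmetic avoids float rounding in the millisecond part.
        return int(dt.timestamp()) * 1000 + dt.microsecond // 1000
    raise ValueError(f"unsupported time value: {value!r}")


def to_attack_list(attacks):
    """Return `attacks` as a list of attack objects: None -> [], one object ->
    [object], a list -> the same list. Non-object entries are rejected so the
    array never carries bare strings or numbers."""
    if attacks is None:
        return []
    if isinstance(attacks, dict):
        attacks = [attacks]
    if not isinstance(attacks, list):
        raise ValueError(f"attacks must be an object or a list, got {type(attacks).__name__}")
    for entry in attacks:
        if not isinstance(entry, dict):
            raise ValueError(f"attack entry is not an object: {entry!r}")
    return attacks


def schema_problems(finding):
    """List the two violations from the issue if present; empty when the
    record passes these checks. This is not a full OCSF validation."""
    problems = []
    t = finding.get("time")
    if not isinstance(t, int) or isinstance(t, bool):
        problems.append("['time'] must be an integer epoch timestamp")
    attacks = finding.get("finding_info", {}).get("attacks")
    if attacks is not None and not isinstance(attacks, list):
        problems.append("['finding_info']['attacks'] must be an array of objects")
    return problems


def normalize_finding(finding):
    """Return a copy of `finding` with both fields fixed; the input is not mutated."""
    fixed = deepcopy(finding)
    fixed["time"] = to_epoch_ms(fixed["time"])
    info = fixed.setdefault("finding_info", {})
    if "attacks" in info:
        info["attacks"] = to_attack_list(info["attacks"])
    return fixed


if __name__ == "__main__":
    print("before:", schema_problems(SAMPLE_FINDING))
    fixed = normalize_finding(SAMPLE_FINDING)
    print("after:", schema_problems(fixed), fixed["time"], fixed["finding_info"]["attacks"])
```

Running `schema_problems` over each record before writing the parquet file catches both mistakes locally, without a round trip through the Security Lake validator.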
@AlexRuiz7 AlexRuiz7 added level/task Task issue type/bug Bug issue labels Apr 26, 2024
@AlexRuiz7 AlexRuiz7 self-assigned this Apr 26, 2024
@wazuhci wazuhci moved this to Backlog in Release 4.9.0 Apr 26, 2024
@wazuhci wazuhci moved this from Backlog to In progress in Release 4.9.0 Apr 26, 2024
@wazuhci wazuhci moved this from In progress to Pending final review in Release 4.9.0 Apr 26, 2024
@wazuhci wazuhci moved this from Pending final review to Done in Release 4.9.0 Apr 29, 2024