Posted On: Mar 14, 2023

Amazon OpenSearch Service announces security analytics that provides new threat monitoring, detection, and alerting features. These capabilities help you to detect and investigate potential security threats that may disrupt your business operations or pose a threat to sensitive organizational data. 

Security analytics is built on open source OpenSearch and comes pre-packaged with over 2200 open source Sigma security rules. These rules help you find potential security threats in your event logs in real time. Previously, users needed prior security knowledge and expertise across multiple products to generate actionable security alerts and insights. With security analytics, users with no prior security experience can now use simplified workflows to correlate multiple security logs and investigate security incidents without leaving OpenSearch. To get started, you can create detectors that use the pre-packaged rule sets to automatically detect threats and generate findings. You can use OpenSearch Dashboards to create visualizations, dashboards, or reports that provide additional insights for further security investigation. Additionally, you can create custom rules, customize security alerts based on threat severity, and receive automated notifications at your preferred destination, such as email or a Slack channel.

Security analytics is now available in all the AWS Regions where Amazon OpenSearch Service is available. Refer to the AWS Region Table for more information about Amazon OpenSearch Service availability.

To get started, log in to OpenSearch Dashboards or use APIs for your Amazon OpenSearch Service domain with OpenSearch version 2.5+. To learn more about security analytics, go here.