Posted On: Oct 16, 2023
Security analytics in Amazon OpenSearch Service adds native support for Open Cybersecurity Schema Framework (OCSF) formatted data and provides security detection rules for OCSF data ingested from Amazon Security Lake. In addition, security analytics also supports ingesting virtually any custom log type and creating custom detection rules. Correlation engine helps reduce incident response time by analyzing and highlighting connections between potential security incidents.
Previously, customers had to map and convert OCSF data to another supported format to run security detection rules. Now, security analytics supports OCSF formatted data and includes the ability to run detection and correlation rules on this data. Along with currently supported security event log sources, customers asked to support custom application logs. By extending the security capabilities supported for prepackaged log types to custom log types, customers can get a comprehensive view of security events across their organization. Using the correlation engine, customers can detect relationships between logs generated from different sources, helping to reduce incident detection, analysis, and response times.
The new security analytics capabilities are now available in all the AWS Regions where Amazon OpenSearch Service is available. Please refer to the AWS Region Table for more information.
To get started with analyzing your OCSF data from Security Lake or ingesting custom log types, log in to OpenSearch Dashboards or use APIs for your Amazon OpenSearch Service domain with OpenSearch version 2.9. To learn more about security analytics, please see documentation.