AWS Open Source Blog

Category: Security

OCSF logo

Celebrating One Year of OCSF: Simplifying Security Telemetry for a Stronger Defense

On the one-year anniversary of the Open Cybersecurity Schema Framework (OCSF) project, we’re thrilled to announce the release of OCSF v1.0.0 and reflect on the milestones we’ve achieved and the positive impact OCSF has had on the security industry.

AWS Open Source logo.

AWS Investing an Additional $10 Million in Open Source Supply Chain Security

Security is our top priority at AWS. As a result, we are committed to contributing to the quality and safety of open source software. We see great value in contributing both engineering efforts and also projects, tools, training, and guidelines to help improve the security of open source software. These efforts benefit us, our customers, […]

kras99 - stock.adobe.com internet digital security technology concept for business background. Lock on circuit board

Security features of Bottlerocket, an open source Linux-based operating system

Bottlerocket is an open source Linux-based operating system from Amazon that was purpose built for running containers with a strong emphasis on security. The result is an operating system that comes with a variety of built-in controls for creating a secure environment for running containerized workloads. In this post, we’ll explore several of the security […]

kras99 - stock.adobe.com internet digital security technology concept for business background. Lock on circuit board

Introducing AWS Security Analytics Bootstrap

Organizations running workloads in Amazon Web Services (AWS) often must search and analyze logs to troubleshoot or investigate operations, governance, or security events. Amazon Athena enables AWS customers to search and analyze log data directly from in Amazon Simple Storage Service (Amazon S3) using standard SQL queries. Additionally, we understand that customers need a common […]

Song_about_summer – stock.adobe.com

Scaling threat prevention on AWS with Suricata

This post was written by Victor Julien, Kelley Misata, Shakeel Ahmad, and Maritza Mills. Suricata is a fast, robust, open source network threat detection engine that includes real-time intrusion detection (IDS), an inline intrusion prevention system (IPS), network security monitoring (NSM), and offline packet capture (pcap) processing. Suricata is owned by the community-run, non-profit Open […]

How a startup wants to help secure the open source ecosystem with huntr, a bug bounty board

This article is a guest post from 418sec co-founders Adam Nygate, Jake Mimoni, and Jamie Slome. Dependency on open source code has grown over the years, and as new open source technologies are introduced, so are more vulnerabilities. Review by “many eyes” helps secure open source software, and depends on exposing the code to as […]

Open Distro for Elasticsearch logo.

Launching Open Distro for Elasticsearch security features on Amazon Elasticsearch Service

We are excited to announce that we are making new Open Distro for Elasticsearch security features available on Amazon Elasticsearch Service. Amazon Elasticsearch Service is frequently used for sensitive enterprise workloads, and today’s launch adds multiple capabilities to give you even tighter control over your data. New features include the ability to use roles to […]

Security Hub Cloud Custodian logo

Announcing Cloud Custodian Integration with AWS Security Hub

中文版 One of the popular options for automated security, compliance, and cost management solutions in the cloud is Cloud Custodian, an open source project sponsored by Capital One. Cloud Custodian is a flexible rules engine with policies written in simple YAML configuration files, with support for over 144 AWS resource types. However, because Cloud Custodian […]