aws-samples / siem-on-amazon-opensearch-service

A solution for collecting, correlating and visualizing multiple types of logs to help investigate security incidents.
MIT No Attribution

Provide Configurations Details for ingestion VPC Flow Logs via Kinesis #344

Open KatTraxler opened 1 year ago

KatTraxler commented 1 year ago

Hello. Please provide the configuration details on the loading of VPC Flow Logs via a Kinesis Delivery Stream. Can you specify whether data transformation via a Lambda is required for dynamic partitioning? And/or the S3 prefix of the log bucket when loading via Kinesis?

nakajiak commented 1 year ago

Hi KatTraxler, thanks for the feedback. VPC Flow Logs via Kinesis Data Firehose are not supported. Investigation of these logs indicated that an aws.ini update is required. Updating the documentation alone is not enough to support that format. So please directly export VPC Flow Logs to an S3 bucket or use AWS Security Lake.