aws-samples / siem-on-amazon-opensearch-service

A solution for collecting, correlating and visualizing multiple types of logs to help investigate security incidents.
MIT No Attribution

Slow es-loader with warning #438

Open duffybelfield opened 4 months ago

duffybelfield commented 4 months ago

Hi there,

Seeing in the slow es-loader requests:

```json
{
  "level": "WARNING",
  "message": "ioc.db is not found in s3",
  "location": "_download_database:130",
  "timestamp": "2024-03-13 09:36:31,496+0000",
  "service": "es-loader"
}
```

What am I missing here? Should I be putting the ioc.db into s3?

nakajiak commented 3 months ago

Hello,

If you don't perform IoC (Indicator of Compromise) matching for threat intelligence information, please ignore it. If you do need to perform IoC matching, you can configure it using the CloudFormation template, which will automatically create the ioc.db file.