aws-samples / siem-on-amazon-opensearch-service

A solution for collecting, correlating and visualizing multiple types of logs to help investigate security incidents.
MIT No Attribution

Support a method to directly ingest logs from the S3 bucket of Security Lake #443

Closed valmet083 closed 3 months ago

valmet083 commented 3 months ago

Summary

To ingest logs from Security Lake, it is necessary to obtain the logs through a subscriber with the method described in the documentation below. Having a method to manually ingest specific logs can provide greater flexibility for log investigation. https://github.com/aws-samples/siem-on-amazon-opensearch-service/blob/main/docs/securitylake.md

Use case