aws-samples / siem-on-amazon-opensearch-service

A solution for collecting, correlating and visualizing multiple types of logs to help investigate security incidents.
MIT No Attribution

EKS Audit Log Collected by Security Lake Not Loaded #459

Open yusukex2 opened 3 months ago

yusukex2 commented 3 months ago

Are EKS audit logs collected by Security Lake supported at the moment? https://aws.amazon.com/about-aws/whats-new/2024/02/amazon-security-lake-audit-logs-eks/

I am trying to load EKS audit logs from the Security Lake S3 bucket into OpenSearch. es-loader gets invoked; however, the logs are not loaded into OpenSearch, and the following messages appear.

```
/var/task/aws_lambda_powertools/metrics/provider/base.py:208: UserWarning: No application metrics to publish. The cold-start metric may be published if enabled. If application metrics should never be empty, consider using 'raise_on_empty_metrics'
  self.flush_metrics(raise_on_empty_metrics=raise_on_empty_metrics)
```

yusukex2 commented 1 week ago

Does anyone know how to load EKS audit logs into OpenSearch? Can we use the aes-es-loader Lambda function?