AWS SIEM development with SecOps - lab setup

[NickCorcoran]

Describe the Issue While we initially stood up a SIEM using OpenSearch, we needed to scale down usage due to costs for our team. SecOps has a desire to re-instate this capability, and it is very likely they will help cover the cost. We will stand up a the SecOps lab environment to closely mirror what we have in our ASEA and prep for rollout to Forge.

Additional Context Add any other context, attachments or screenshots

Acceptance Criteria

• [x] Review existing scaled down setup in ASEA
• [x] Stand up toolset in SecOps lab (SecOps will be doing this work)
• [ ] Set some initial consumption/alert rulesets (starting small)
• [ ] Review with Prabhu/Warren

[NickCorcoran]

This has been going on for a while. To review w/ SecOps on progress.

[NickCorcoran]

This has been going on for a while. To review w/ SecOps on progress.