elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[Amazon Security Lake] Add support for new objects and event classes, profiles and update schemas accordingly #10740

Open ShourieG opened 1 month ago

ShourieG commented 1 month ago

Add support for the following Event Classes, Objects & Profiles:

Event Classes

  1. User Inventory Info event class.
  2. Vulnerability Finding event class.
  3. NTP Activity event class
  4. OS Patch State event class.
  5. Datastore Activity event class 6005.
  6. Detection Finding event class.
  7. Incident Finding event class.
  8. Device Config State Change event class.
  9. Scan Activity event class.
  10. File Hosting Activity event class.
  11. Compliance Finding event class.

Profiles

  1. Network Proxy Profile for the Network Activity and Application Activity classes.
  2. Load Balancer Profile for the Network Activity classes.

Objects

  1. New cwe object to cve and vulnerability objects.
  2. Firewall Rule object.
  3. New kb_article object to house Knowledgebase Article info.
  4. New epss object to the cve object.

Meta issue https://github.com/elastic/integrations/issues/9607 for context.
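For readers working out what the new objects look like on the wire and how an ingest-side mapper should treat events that predate them, here is an added example. It is not code from the elastic/integrations issue or the integration itself. It assumes the OCSF 1.1 field layout for a Vulnerability Finding (class_uid 2002, assumed): `vulnerabilities[].cve.{uid,cwe,epss}`, `vulnerabilities[].cwe` and `vulnerabilities[].kb_article_list[].{uid,title}`; the flat dotted output keys are illustrative, not the integration's real mapping, and the sample event, CVE and KB identifiers are constructed placeholders.

```python
"""Flatten the cwe / epss / kb_article objects of an OCSF Vulnerability
Finding into ingest-friendly fields.

Added example, not part of the elastic/integrations issue or code base.
Field names follow the OCSF 1.1 schema (assumption):
  vulnerabilities[].cve.{uid,cwe,epss}, vulnerabilities[].cwe,
  vulnerabilities[].kb_article_list[].{uid,title}
The sample event below is constructed for illustration.
"""
from typing import Any, Dict, List, Optional

VULNERABILITY_FINDING_CLASS_UID = 2002  # OCSF Vulnerability Finding (assumption)


def _max_epss(vulns: List[Dict[str, Any]]) -> Optional[Dict[str, Any]]:
    """Return the epss object with the highest score, or None when no
    vulnerability carries one (producers that predate the epss object
    simply omit it, so its absence must not be an error)."""
    best = None
    for v in vulns:
        epss = (v.get("cve") or {}).get("epss")
        if not epss or "score" not in epss:
            continue
        if best is None or float(epss["score"]) > float(best["score"]):
            best = epss
    return best


def _dedup(items: List[str]) -> List[str]:
    """Drop repeats while keeping first-seen order."""
    return list(dict.fromkeys(items))


def flatten_vulnerability_finding(event: Dict[str, Any]) -> Dict[str, Any]:
    """Pull CVE, CWE, EPSS and KB article identifiers out of a
    Vulnerability Finding into flat, de-duplicated lists."""
    if event.get("class_uid") != VULNERABILITY_FINDING_CLASS_UID:
        raise ValueError(f"not a Vulnerability Finding: class_uid={event.get('class_uid')}")

    vulns = event.get("vulnerabilities") or []
    cves: List[str] = []
    cwes: List[str] = []
    kbs: List[str] = []
    for v in vulns:
        cve = v.get("cve") or {}
        if cve.get("uid"):
            cves.append(cve["uid"])
        # The issue adds cwe to both the cve and the vulnerability object,
        # so look in both places.
        for holder in (cve, v):
            cwe = holder.get("cwe") or {}
            if cwe.get("uid"):
                cwes.append(cwe["uid"])
        for kb in v.get("kb_article_list") or []:
            if kb.get("uid"):
                kbs.append(kb["uid"])

    epss = _max_epss(vulns)
    return {
        "vulnerability.id": _dedup(cves),
        "vulnerability.cwe": _dedup(cwes),
        "vulnerability.kb_article": _dedup(kbs),
        "vulnerability.epss.score": float(epss["score"]) if epss else None,
        "vulnerability.epss.percentile": (
            float(epss["percentile"]) if epss and "percentile" in epss else None
        ),
    }


# Constructed sample event; CVE and KB ids are placeholders, not real records.
SAMPLE_EVENT = {
    "class_uid": 2002,
    "category_uid": 2,
    "time": 1718000000000,
    "vulnerabilities": [
        {
            "title": "placeholder bug A",
            "cve": {
                "uid": "CVE-0000-00001",
                "cwe": {"uid": "CWE-79", "caption": "Cross-site Scripting"},
                "epss": {"score": "0.12", "percentile": "0.85"},
            },
            "kb_article_list": [{"uid": "KB0000001", "title": "placeholder update"}],
        },
        {
            "title": "placeholder bug B",
            "cve": {"uid": "CVE-0000-00002", "epss": {"score": "0.47", "percentile": "0.97"}},
            "cwe": {"uid": "CWE-787", "caption": "Out-of-bounds Write"},
        },
        {
            # Older producer: no cwe / epss / kb objects at all
            "title": "placeholder bug C",
            "cve": {"uid": "CVE-0000-00001"},
        },
    ],
}

if __name__ == "__main__":
    import json
    print(json.dumps(flatten_vulnerability_finding(SAMPLE_EVENT), indent=2))
```

The third vulnerability in the sample shows why the mapper treats every new object as optional: a pipeline that hard-fails on a missing `epss` or `cwe` would drop events from any producer still on the older schema, so the example tolerates absence and only raises on the wrong event class.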

elasticmachine commented 1 month ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)