Open xeniatup opened 1 year ago
We should also consider the impact that https://github.com/opensearch-project/security-analytics/issues/573 and https://github.com/opensearch-project/security-analytics/issues/572 will have on the proposed structure.
Adding to backlog
The purpose of this RFC (request for comments) is to gather community feedback on a new proposal for categorizing log types in the Security Analytics plugin.
Problem
Currently, the log types for a data source are presented as an unstructured list in alphabetical order. Adding custom (user-defined) log types to that flat list might present scaling challenges for selecting, filtering, and searching log types.
Solution
We propose introducing categorization by grouping log types into logical buckets based on the type of service or application that produced the log. This should help users find a specific log type faster and more confidently in experiences such as "Create detector". Selecting multiple log types of a similar origin will be simpler because they will be grouped together, and the categories will absorb a potential increase in the number of log types. Custom (user-defined) log types can be added to any of the categories.
Proposed structure:
Access Management
System activity
Network/Endpoint activity
Applications
Cloud services
Security findings
Other
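To make the proposed structure concrete, here is an added example (not code from the Security Analytics project) that models the categorization in TypeScript: log types are kept in a registry, grouped for display in the RFC's category order, filtered by a search string within each category, and custom log types can be placed in any category, with an unknown or omitted category falling back to "Other". The category names come from the RFC; the log type identifiers and their assignment to categories are assumptions made for illustration only.

```typescript
// Added example of the proposed log-type categorization; not project code.
// Category names are taken from the RFC. The log type ids/labels and the
// category each one lands in are assumptions chosen for illustration.

type Category =
  | "Access Management"
  | "System activity"
  | "Network/Endpoint activity"
  | "Applications"
  | "Cloud services"
  | "Security findings"
  | "Other";

// Display order follows the RFC's proposed structure.
const CATEGORIES: Category[] = [
  "Access Management",
  "System activity",
  "Network/Endpoint activity",
  "Applications",
  "Cloud services",
  "Security findings",
  "Other",
];

interface LogType {
  id: string;        // identifier used when a detector is created
  label: string;     // name shown in the UI
  category: Category;
  custom: boolean;   // true for user-defined log types
}

// Assumed seed data: a handful of standard log types with an illustrative category each.
const STANDARD_LOG_TYPES: LogType[] = [
  { id: "ad_ldap", label: "AD/LDAP", category: "Access Management", custom: false },
  { id: "okta", label: "Okta", category: "Access Management", custom: false },
  { id: "windows", label: "Windows", category: "System activity", custom: false },
  { id: "linux", label: "Linux", category: "System activity", custom: false },
  { id: "dns", label: "DNS", category: "Network/Endpoint activity", custom: false },
  { id: "netflow", label: "NetFlow", category: "Network/Endpoint activity", custom: false },
  { id: "apache_access", label: "Apache access", category: "Applications", custom: false },
  { id: "cloudtrail", label: "AWS CloudTrail", category: "Cloud services", custom: false },
  { id: "s3", label: "AWS S3", category: "Cloud services", custom: false },
];

class LogTypeRegistry {
  private byId = new Map<string, LogType>();

  constructor(seed: LogType[]) {
    for (const lt of seed) this.byId.set(lt.id, lt);
  }

  // Custom log types may go into any category. An unknown or omitted
  // category falls back to "Other" instead of rejecting the log type.
  addCustom(id: string, label: string, category?: string): LogType {
    if (this.byId.has(id)) {
      throw new Error(`log type "${id}" already exists`);
    }
    const cat: Category = CATEGORIES.includes(category as Category)
      ? (category as Category)
      : "Other";
    const lt: LogType = { id, label, category: cat, custom: true };
    this.byId.set(id, lt);
    return lt;
  }

  // Group log types for display: categories in RFC order, entries sorted
  // alphabetically within each category, empty categories omitted.
  // An optional search string filters on label or id within every category.
  grouped(filter = ""): Array<{ category: Category; items: LogType[] }> {
    const needle = filter.trim().toLowerCase();
    const all = Array.from(this.byId.values());
    const out: Array<{ category: Category; items: LogType[] }> = [];
    for (const category of CATEGORIES) {
      const items = all
        .filter((lt) => lt.category === category)
        .filter((lt) => needle === "" || lt.label.toLowerCase().includes(needle) || lt.id.includes(needle))
        .sort((a, b) => a.label.localeCompare(b.label));
      if (items.length > 0) out.push({ category, items });
    }
    return out;
  }

  // Ids of every log type in one category, for "select all of this origin".
  idsInCategory(category: Category): string[] {
    const group = this.grouped().find((g) => g.category === category);
    return group ? group.items.map((lt) => lt.id) : [];
  }
}
```

With the seed data above, `new LogTypeRegistry(STANDARD_LOG_TYPES).grouped("aws")` returns only the "Cloud services" group, and adding a custom type with an unrecognised category makes it appear under "Other" rather than disappearing from the picker.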
Request for comments: