The integration with Amazon Security Lake first maps the raw Wazuh Events to OCSF, and then encodes the data as Parquet. The Wazuh Events mapped to OCSF in JSON format are not exported. We think it could be interesting to save them as intermediate JSON files. That could also be useful for debugging (see https://github.com/aws-samples/amazon-security-lake-ocsf-validation).
Tasks
[x] Extend the integration to save OCSF mapped events as JSON to an S3 bucket.
Description
Related issue: #128