Tasks:
1. Define a new LogType (JSON) structure that holds a log type's name, description and field mappings. For pre-packaged rules there should be a set of files (one file per log type) stored on disk. On Security Analytics startup, load these files into the system index `.opensearch-sap-log-types-config`.
2. User-defined (custom) log types. Provide a CRUD API so users can define their own custom log types. A custom log type is described by the LogType structure from the first task and stored in the `.opensearch-sap-log-types-config` index. Replace the DetectorType enum with a class that loads detector types (log types) from `.opensearch-sap-log-types-config`.
3. Modify the existing Mappings APIs to use the new JSON structure from the first task instead of the mapping.json files.
4. Implement auto-detection of the mapping schema (ECS, OCSF) used in a log index.
linked issue #447
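As an added illustration of tasks 2 and 4 (not code from the Security Analytics plugin), the block below sketches a LogType document in the shape described above, the validation a CRUD endpoint would run before storing a custom log type, and a simple schema auto-detection that counts how many of the log type's ECS or OCSF field names actually exist in an index. The document layout, the `raw_field`/`ecs`/`ocsf` keys and the field names are assumptions for the example.

```python
import re
from collections import Counter

# Constructed LogType document in the shape the tasks describe (name, description,
# field mappings). Schema field names here are assumptions, not the plugin's files.
NETWORK_LOG_TYPE = {
    "name": "network",
    "description": "Generic network flow logs",
    "mappings": [
        {"raw_field": "srcip", "ecs": "source.ip", "ocsf": "src_endpoint.ip"},
        {"raw_field": "dstip", "ecs": "destination.ip", "ocsf": "dst_endpoint.ip"},
        {"raw_field": "user", "ecs": "user.name", "ocsf": "actor.user.name"},
        {"raw_field": "hostname", "ecs": "host.name", "ocsf": "device.hostname"},
    ],
}

SCHEMAS = ("ecs", "ocsf")
# Restrict names so a custom log type cannot smuggle odd characters into index ids.
NAME_RE = re.compile(r"^[a-z][a-z0-9_-]{0,63}$")


def validate_log_type(doc):
    """Checks a custom LogType before it is stored; returns a list of problems."""
    problems = []
    if not isinstance(doc.get("name"), str) or not NAME_RE.match(doc["name"]):
        problems.append("name must be lowercase [a-z0-9_-], 1-64 chars")
    if not isinstance(doc.get("description"), str):
        problems.append("description must be a string")
    mappings = doc.get("mappings")
    if not isinstance(mappings, list) or not mappings:
        problems.append("mappings must be a non-empty list")
        return problems
    for raw, n in Counter(m.get("raw_field") for m in mappings).items():
        if n > 1:
            problems.append(f"duplicate raw_field {raw!r}")
    for m in mappings:
        if not isinstance(m.get("raw_field"), str) or not all(
            isinstance(m.get(s), str) for s in SCHEMAS
        ):
            problems.append(f"mapping {m!r} needs raw_field and one name per schema")
    return problems


def detect_schema(log_type, index_fields):
    """Counts how many mapped field names per schema exist in the index;
    returns (schema, hits), or (None, 0) when no schema matches at all."""
    fields = set(index_fields)
    hits = {s: sum(m[s] in fields for m in log_type["mappings"]) for s in SCHEMAS}
    best = max(hits, key=hits.get)
    return (best, hits[best]) if hits[best] else (None, 0)
```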