awslabs / hids-cloudwatchlogs-elasticsearch-template
Monitor Host-Based Intrusion Detection System Alerts on Amazon EC2 Instances
License: Apache License 2.0
According to the documentation of OSSEC, an OSSEC server "will monitor and analyse the log from remote agents". Although it is not clearly clarified in their documentation, a server should be able to monitor itself too.
If my understanding is correct, I don't see remote agents being installed. Instead, two OSSEC servers are installed and alerts.json is piped to the Lambda function via CloudWatch Logs agents.
When creating with CloudFormation I get the following error:
The runtime parameter of nodejs4.3 is no longer supported for creating or updating AWS Lambda functions. We recommend you use the new runtime (nodejs8.10) while creating or updating functions. (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException
I will create a pull request that updates to nodejs8.10.
Providing the information on how the AMI is configured will help in troubleshooting the issues while building this solution manually with a few changes to better suit a specific environment.
I've created a similar solution by referring to this but using OSSEC 2.9.4 where the format of alerts output is changed and the lambda function is unable to process the alerts to Elasticsearch. Error: Process exited before completing request.
Older version format:
{"rule":{"level":6,"comment":"SSH insecure connection attempt (scan).","sidid":5706},"location":"/var/log/secure","full_log":"Aug 6 00:03:57 ip-10-0-0-100 sshd[12462]: Did not receive identification string from 127.0.0.1 port 35578"}
Newer version format:
{"rule":{"level":6,"comment":"SSH insecure connection attempt (scan).","sidid":5706},"srcip":"196.52.43.80","location":"/var/log/auth.log","full_log":"Aug 6 18:49:02 ip-15-0-213-229 sshd[3270]: Did not receive identification string from 196.52.43.80"}
Hoping for a resolution at the earliest possible.