New OCSF siem integration #1837

Status: Open. Wants to merge 22 commits into base branch main.
Conversation

@YANG-DB (Member) commented May 19, 2024

Description

The following integration encompasses the AWS & OCSF formats, including a number of AWS services such as:

| AWS | Service | Log |
|---|---|---|
| Security, Identity, & Compliance | AWS CloudHSM | HSM audit logs |
| Security, Identity, & Compliance | Amazon GuardDuty | GuardDuty findings |
| Security, Identity, & Compliance | Amazon Inspector | Inspector findings |
| Security, Identity, & Compliance | AWS Directory Service | Microsoft AD |
| Security, Identity, & Compliance | AWS WAF | AWS WAF Web ACL traffic information; AWS WAF Classic Web ACL traffic information |
| Security, Identity, & Compliance | AWS Security Hub | Security Hub findings; GuardDuty findings; Amazon Macie findings; Amazon Inspector findings; AWS IAM Access Analyzer findings |
| Security, Identity, & Compliance | AWS Network Firewall | Flow logs; Alert logs |
| Management & Governance | AWS CloudTrail | CloudTrail Log Event; CloudTrail Insight Event |
| Management & Governance | AWS Config | Configuration History; Configuration Snapshot; Config Rules |
| Management & Governance | AWS Trusted Advisor | Trusted Advisor Check Result |
| Networking & Content Delivery | Amazon CloudFront | Standard access log; Real-time log |
| Networking & Content Delivery | Amazon Route 53 Resolver | VPC DNS query log |
| Networking & Content Delivery | Amazon Virtual Private Cloud (Amazon VPC) | VPC Flow Logs (Version5), Text / Parquet Format |
| Networking & Content Delivery | AWS Transit Gateway | VPC Flow Logs (Version6), Text / Parquet Format |
| Networking & Content Delivery | Elastic Load Balancing | Application Load Balancer access logs; Network Load Balancer access logs; Classic Load Balancer access logs |
| Networking & Content Delivery | AWS Client VPN | connection log |
| Storage | Amazon FSx for Windows File Server | audit log |
| Storage | Amazon Simple Storage Service (Amazon S3) | access log |
| Database | Amazon Relational Database Service (Amazon RDS) | Amazon Aurora (MySQL); Amazon Aurora (PostgreSQL); Amazon RDS for MariaDB; Amazon RDS for MySQL; Amazon RDS for PostgreSQL |
| Database | Amazon ElastiCache | ElastiCache for Redis SLOWLOG |
| Analytics | Amazon OpenSearch Service | Audit logs |
| Analytics | Amazon Managed Streaming for Apache Kafka (Amazon MSK) | Broker log |
| Compute | Linux OS via CloudWatch Logs | /var/log/messages; /var/log/secure |
| Compute | Windows Server 2012/2016/2019 via CloudWatch Logs | System event log; Security event log |
| Containers | Amazon Elastic Container Service (Amazon ECS) via FireLens | Framework only |
| End User Computing | Amazon WorkSpaces | Event log; Inventory |
| Open Source Software | Apache Web Server | access log (CLF, combined, combinedio with XFF); error log |
| Open Source Software | NGINX Web Server | access log (combined with XFF); error log |

This integration is based on Akihiro Nakajima's OpenSearch SIEM repo and is inspired by the work done there.

OCSF schema

The Open Cybersecurity Schema Framework is an open-source project, delivering an extensible framework for developing schemas, along with a vendor-agnostic core security schema. Vendors and other data producers can adopt and extend the schema for their specific domains. Data engineers can map differing schemas to help security teams simplify data ingestion and normalization, so that data scientists and analysts can work with a common language for threat detection and investigation. The goal is to provide an open standard, adopted in any environment, application, or solution, while complementing existing security standards and processes.

Screenshots

Dashboard images (not captured in this text): dashboard-guardduty, dashboard-opensearch-metrics, dashboard-sample, dashboard-vpcflowlogs

Check List

  • New functionality includes testing.
    • All tests pass, including unit test, integration test and doctest
  • New functionality has been documented.
    • New functionality has javadoc added
    • New functionality has user manual doc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following the Developer Certificate of Origin and signing off your commits, please check here.
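The OCSF paragraph above describes the normalization step this kind of integration performs: a source-specific record is mapped onto the vendor-agnostic OCSF schema so that detection logic can be written once. The following is an added example written for this page, not the PR's or the upstream SIEM repo's own code. It takes AWS VPC Flow Log lines in the 14-field default format and emits OCSF Network Activity events. The OCSF identifiers used (class_uid 4001, category_uid 4, activity_id 6 for Traffic, action_id 1/2 for Allowed/Denied) and the field names are assumptions drawn from the OCSF Network Activity class and should be checked against the schema version the integration targets; the sample log lines are constructed. Rows with a log-status of NODATA or SKIPDATA carry no connection tuple, so they are reported separately rather than silently dropped, because a gap in flow coverage is itself something a SIEM should surface.

```python
"""Map AWS VPC Flow Log records (default 14-field format) to OCSF Network Activity.
Illustrative mapper added for this page; not the integration's own code."""
from typing import Optional, List, Tuple

# Default VPC Flow Log field order (space separated). Custom log formats
# reorder or add fields and would need their own field list.
FLOW_FIELDS = ["version", "account-id", "interface-id", "srcaddr", "dstaddr",
               "srcport", "dstport", "protocol", "packets", "bytes", "start",
               "end", "action", "log-status"]

# OCSF Network Activity identifiers (assumed from the OCSF schema; verify
# against the schema version in use).
OCSF_CATEGORY_UID = 4          # Network Activity category
OCSF_CLASS_UID = 4001          # Network Activity class
OCSF_ACTIVITY_TRAFFIC = 6      # activity_id "Traffic"
OCSF_VERSION = "1.1.0"         # assumed metadata.version
OCSF_ACTION = {"ACCEPT": (1, "Allowed"), "REJECT": (2, "Denied")}

# Constructed sample lines: an accepted HTTPS flow, a rejected inbound SSH
# attempt, and a NODATA interval with no tuple.
SAMPLE_LINES = [
    "2 123456789012 eni-0a1b2c3d 10.0.1.5 198.51.100.7 43210 443 6 12 3456 1716100000 1716100060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 51515 22 6 3 180 1716100000 1716100060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1716100000 1716100060 - NODATA",
]


def parse_flow_line(line: str) -> Optional[dict]:
    """Split one default-format line into a field dict; None if the field
    count does not match (do not guess positions for an unknown format)."""
    parts = line.split()
    if len(parts) != len(FLOW_FIELDS):
        return None
    return dict(zip(FLOW_FIELDS, parts))


def to_ocsf(rec: dict) -> dict:
    """Translate a parsed flow record into an OCSF Network Activity event.
    Flow log timestamps are epoch seconds; OCSF time fields are epoch ms."""
    def num(v: str) -> Optional[int]:
        return None if v == "-" else int(v)

    def txt(v: str) -> Optional[str]:
        return None if v == "-" else v

    action_id, action = OCSF_ACTION.get(rec["action"], (0, "Unknown"))
    start_ms, end_ms = int(rec["start"]) * 1000, int(rec["end"]) * 1000
    return {
        "category_uid": OCSF_CATEGORY_UID,
        "class_uid": OCSF_CLASS_UID,
        "activity_id": OCSF_ACTIVITY_TRAFFIC,
        "type_uid": OCSF_CLASS_UID * 100 + OCSF_ACTIVITY_TRAFFIC,
        "action_id": action_id,
        "action": action,
        "time": start_ms,
        "start_time": start_ms,
        "end_time": end_ms,
        "src_endpoint": {"ip": txt(rec["srcaddr"]), "port": num(rec["srcport"])},
        "dst_endpoint": {"ip": txt(rec["dstaddr"]), "port": num(rec["dstport"])},
        "connection_info": {"protocol_num": num(rec["protocol"])},
        "traffic": {"packets": num(rec["packets"]), "bytes": num(rec["bytes"])},
        "cloud": {"provider": "AWS", "account": {"uid": rec["account-id"]}},
        "metadata": {"product": {"name": "VPC Flow Logs", "vendor_name": "AWS"},
                     "version": OCSF_VERSION},
        # Source fields with no OCSF home are kept rather than lost.
        "unmapped": {"interface_id": rec["interface-id"],
                     "log_status": rec["log-status"]},
    }


def normalize(lines: List[str]) -> Tuple[List[dict], List[Tuple[int, str]]]:
    """Return (ocsf_events, skipped) where skipped lists (line_no, reason) for
    malformed lines and NODATA/SKIPDATA intervals, so coverage gaps are visible."""
    events, skipped = [], []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        rec = parse_flow_line(line)
        if rec is None:
            skipped.append((n, "unexpected field count"))
            continue
        if rec["log-status"] != "OK":
            skipped.append((n, rec["log-status"]))
            continue
        events.append(to_ocsf(rec))
    return events, skipped


if __name__ == "__main__":
    import json
    evts, gaps = normalize(SAMPLE_LINES)
    print(json.dumps(evts, indent=2))
    print("skipped:", gaps)
```

The `unmapped` object is the place for source fields that have no OCSF attribute; keeping them there is preferable to discarding them, since an analyst pivoting on an ENI id needs the original value even though OCSF has no dedicated field for it.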

YANG-DB added 22 commits May 2, 2024 13:38
Signed-off-by: YANGDB <yang.db.dev@gmail.com>
…ates example

Signed-off-by: YANGDB <yang.db.dev@gmail.com>
…ncluding all its references IDs

Signed-off-by: YANGDB <yang.db.dev@gmail.com>
@YANG-DB added the labels integrations (used to denote items related to the Integrations project), ux-integration (UX related integration issues), enhancement (new feature or request) and integrations-schema (Integrations Project Observability Schema related items) on May 19, 2024.