Skip to content

(addon): OpenSearch SIEM added CW Alarms #1056

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 3, 2022
Merged

(addon): OpenSearch SIEM added CW Alarms #1056

merged 4 commits into from
Oct 3, 2022

Conversation

@rjjaegeraws
Copy link
Contributor

@rjjaegeraws rjjaegeraws commented Sep 13, 2022

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Updates

  • Updated the CDK version to v2.40.0
  • Updated the OpenSearch cluster with the latest version 1.3 (will cause a Blue/Green Deployment)
  • Updated the OpenSearch cluster to use GP3 for the EBS volume type (will cause a Blue/Green Deployment)
  • Added 14 CloudWatch Alarms to monitor the OpenSearch cluster based on the recommendations here
  • Reduced the Lambda Processor memory to 512MB and changed timeout to 2 minutes
  • Added a SNS queue to send alerts to registered emails.
  • New configurations:
    • "alertNotificationEmails": ["user@email.com"] CloudWatch Alarm will send notifications to emails listed here
    • "enableLambdaInsights": true Will enable CloudWatch Lambda Insights. This brings visibility into memory usage to have data to fine tune the Processor Lambda.

@Brian969 Brian969 changed the title addon: OpenSearch SIEM added CW Alarms (addon): OpenSearch SIEM added CW Alarms Sep 29, 2022
@Brian969
Copy link
Contributor

Brian969 commented Sep 29, 2022

  • CDK update fixes inline nodejs12 deprecation, updating nodejs inline Lambda's

@Brian969 Brian969 added Priority Medium-High v1.5.4 In release v1.5.4 and removed v1.5.4 In release v1.5.4 labels Sep 29, 2022
Brian969
Brian969 approved these changes Oct 3, 2022
View reviewed changes
Copy link
Contributor

@Brian969 Brian969 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Successfully tested by Brent and LGTM

@Brian969 Brian969 merged commit b32f217 into aws-samples:main Oct 3, 2022
Brian969 added a commit that referenced this pull request Oct 4, 2022
@rjjaegeraws @rycerrat
@hickeydh-aws @Brian969 @ejahnke
(enhancement): Add GuardDuty Kubernetes Protection (#1058)
8d9fbc1 
* add frequency for GuardDuty

* update sample config files with new config option

* add guardduty eks support

* fix for issue with ALB forwarder when no HOSTS defined (#1019)

* Decreasing max concurrency limit to 10 (#1062)

* (Fix): SM jitter (#1050)

* exponential backoff fix

* exponential backoff fix

* Fixed backoff for lambdas

* added backoff in other location

* fixed lambda timeouts and added timeout aspect

* fixed typo

* tweak default max jitter delay to 2s from 5s

Co-authored-by: hickeydh-aws <hickeydh@amazon.com>
Co-authored-by: Brian969 <56414362+Brian969@users.noreply.github.com>

* (docs): Eb faq doc update (#1055)

* added Elastic Beanstalk entry to FAQ

* Update index.md

Co-authored-by: Jahnke <ejahnke@909c4acec9cf.ant.amazon.com>

* (addon): OpenSearch SIEM added CW Alarms (#1056)

* added CW Alarms

* fix typo

Co-authored-by: Brian969 <56414362+Brian969@users.noreply.github.com>

* (enhancement): Frequency for updated findings for GuardDuty (#1057)

* add frequency for GuardDuty

* update sample config files with new config option

* add guardduty eks support

Co-authored-by: rycerrat <42330513+rycerrat@users.noreply.github.com>
Co-authored-by: hickeydh-aws <88673813+hickeydh-aws@users.noreply.github.com>
Co-authored-by: hickeydh-aws <hickeydh@amazon.com>
Co-authored-by: Brian969 <56414362+Brian969@users.noreply.github.com>
Co-authored-by: Elden Jahnke <94935251+ejahnke@users.noreply.github.com>
Co-authored-by: Jahnke <ejahnke@909c4acec9cf.ant.amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Brian969 Brian969 Brian969 approved these changes

Assignees

No one assigned

Labels

Priority Medium-High

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rjjaegeraws @Brian969