AWS Security Blog

Tag: OpenSearch

How to deploy an Amazon OpenSearch cluster to ingest logs from Amazon Security Lake

July 29, 2024: Original publication date of this post. The current version was updated to make the instructions clearer and compatible with OCSF 1.1. Customers often require multiple log sources across their AWS environment to empower their teams to respond to and investigate security events. In part one of this two-part blog post, I show you […]

re:Inforce 2023

Three ways to accelerate incident response in the cloud: insights from re:Inforce 2023

AWS re:Inforce took place in Anaheim, California, on June 13–14, 2023. AWS customers, partners, and industry peers participated in hundreds of technical and non-technical security-focused sessions across six tracks, an Expo featuring AWS experts and AWS Security Competency Partners, and keynote and leadership sessions. The threat detection and incident response track showcased how AWS customers […]

Figure 1: End-to-end architecture

Analyze AWS WAF logs using Amazon OpenSearch Service anomaly detection built on Random Cut Forests

April 23, 2025: We updated the code, screenshots, and narrative. This blog post shows you how to use the machine learning capabilities of Amazon OpenSearch Service to detect and visualize anomalies in AWS WAF logs. AWS WAF logs are streamed to Amazon OpenSearch Service using Amazon Kinesis Data Firehose. Kinesis Data Firehose invokes an AWS […]