Posted On: Mar 14, 2023
Amazon OpenSearch Service announces security analytics that provides new threat monitoring, detection, and alerting features. These capabilities help you to detect and investigate potential security threats that may disrupt your processes or pose a threat to sensitive organizational data.
Security analytics is built on open source OpenSearch and comes pre-packaged with over 2200 open source Sigma security rules. These rules help you find potential security threats from your event logs in real time. Previously users needed to have prior security knowledge and expertise on multiple products to generate actionable security alerts and insights. With security analytics, users with no prior security experience can now leverage simplified workflows to correlate multiple security logs and investigate security incidents without leaving OpenSearch. To get started, you can create detectors by using pre-packaged rule sets that automatically detect and generate findings. You can use OpenSearch Dashboards to create visualizations, dashboards or reports to help generate additional insights for further security investigation. Additionally, you can create custom rules, customize security alerts based on threat severity, and receive automated notifications at your preferred destination such as email or a Slack channel.
This feature can be enabled on Amazon OpenSearch Service domains with OpenSearch version 2.5 or higher in the Amazon Web Services China (Ningxia) Region, operated by NWCD, and the Amazon Web Services China (Beijing) Region, operated by Sinnet.
To get started, log in to OpenSearch Dashboards or use APIs on your Amazon OpenSearch Service domain with OpenSearch version 2.5+. To learn more, see the documentation.