Add alias support to Security Analytics#6284
Merged
Naarcha-AWS merged 9 commits intomainfrom Feb 8, 2024
Merged
Conversation
Signed-off-by: Naarcha-AWS <naarcha@amazon.com>
Naarcha-AWS
requested review from
AMoo-Miki,
dlvenable,
hdhalter,
kolchfa-aws,
natebower and
vagimeli
as code owners
hdhalter
changed the title
jowg-amazon
reviewed
Feb 6, 2024
| 1. In the **Data source** section, select one or more sources for the log data. Use an asterisk (*) to indicate a wildcard pattern. When selecting multiple data sources, their logs must be of the same type. We recommend creating separate detectors for different log types. | ||
| 1. In the **Data source** section, select one or more sources for the log data. Use an asterisk (*) to indicate a wildcard pattern. When selecting multiple data sources, their logs must be of the same type. We recommend creating separate detectors for different log types. | ||
|
|
||
| Data sources support the use of [aliases]({{site.url}}{{site.baseurl}}/im-plugin/index-alias/). However, if you're configuring an alias as data source, it must be attached to a **Write** index alias, since Security Analytics only supports [data stream]({{site.url}}{{site.baseurl}}/im-plugin/data-streams/) for time-series generated data. Furthermore, when using an alias, ensure that your documents are ingesting through the alias and **not** the index(es) the alias was created for. |
There was a problem hiding this comment.
This part since Security Analytics only supports [data stream] might be a little misleading? We support both aliases and data streams independently. A data stream by definition will have a write index. However, aliases in opensearch are also allowed to point to read only indices which is why we want to ensure that if a detector is configured on an alias, then it needs point to at least one write index.
Naarcha-AWS
commented
Feb 6, 2024
hdhalter
added
the
release-notes
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Naarcha-AWS
added
Doc review
vagimeli
approved these changes
Feb 6, 2024
Contributor
vagimeli
left a comment
vagimeli
left a comment
There was a problem hiding this comment.
Doc review complete. Please see the edits.
Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Naarcha-AWS
added
5 - Final Editorial Review
and removed
Doc review
natebower
suggested changes
Feb 7, 2024
Contributor
natebower
left a comment
natebower
left a comment
There was a problem hiding this comment.
@Naarcha-AWS Please tag me when complete so I can approve the revision to line 26. Thanks!
Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Naarcha-AWS
added
Done but waiting to merge
hdhalter
added
3 - Done
and removed
Done but waiting to merge
oeyh
pushed a commit
to oeyh/documentation-website
that referenced
this pull request
Mar 14, 2024
* Add alias support to SA. Signed-off-by: Naarcha-AWS <naarcha@amazon.com> * Fix links Signed-off-by: Naarcha-AWS <naarcha@amazon.com> * Update detectors-config.md Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --------- Signed-off-by: Naarcha-AWS <naarcha@amazon.com> Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Co-authored-by: Nathan Bower <nbower@amazon.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #6141
Checklist
For more information on following Developer Certificate of Origin and signing off your commits, please check here.