@rupeshtiwari
Last active January 5, 2025 23:11
Building SIEM on Amazon OpenSearch, aws

Building SIEM on Amazon OpenSearch

SIEM stands for Security Information and Event Management. A SIEM collects, normalizes, stores, and correlates security telemetry (logs, events, and findings) from many sources, so that analysts can detect security incidents, investigate breaches, and produce evidence for compliance requirements.

Customers need a SIEM for a variety of reasons, including:

  • To improve their security posture
  • To comply with security regulations
  • To investigate security incidents
  • To identify and respond to security threats
  • To improve their incident response times

SIEM Stack

| Component | Description | Open-source option | AWS proposed service |
| --- | --- | --- | --- |
| Log Ingestion | Collects logs from the various sources | Graylog | Amazon Kinesis, AWS Lambda, or Amazon OpenSearch Ingestion |
| Log Normalization | Maps each source's fields onto one common schema so events from different sources can be searched and correlated together | Graylog | Amazon OpenSearch Service (with ingestion pipelines) |
| Log Caching | Buffers logs temporarily so nothing is lost when the back end is slow or unavailable | Graylog | Amazon ElastiCache or Amazon OpenSearch Service |
| Log Analysis | Searches and correlates logs for suspicious activity | Wazuh | Amazon OpenSearch Service with its built-in analysis tools (including the Security Analytics plugin) |
| Rule Customization | Lets you write custom detection rules for specific threats | Wazuh | Amazon OpenSearch Service (Alerting monitors or Security Analytics Sigma-based detectors) |
| Alerting | Raises an alert when a rule matches, e.g. by publishing to Amazon SNS | Wazuh | Amazon OpenSearch Service (Alerting feature) |
| Log Discarding | Filters out logs with no security value before they are stored | Wazuh | AWS Lambda or OpenSearch Ingestion pipelines |
| Back-end Storage | Stores logs for long-term retention and search | Elasticsearch | Amazon OpenSearch Service |
| Access Control | Controls who can reach the domain (IAM) and which indices and documents they may read (fine-grained access control in the OpenSearch security plugin) | Elasticsearch | AWS Identity and Access Management (IAM) with Amazon OpenSearch Service fine-grained access control |
| Visualization | Provides dashboards for viewing and triaging logs | Grafana | Amazon OpenSearch Service (OpenSearch Dashboards) or Amazon QuickSight |
| Threat Intelligence Enrichment | Adds threat-intelligence context (known-bad IPs, domains, hashes) to events | Graylog | AWS Security Hub findings or lookups within Amazon OpenSearch Service |
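The normalization, discarding, and rule-customization rows above, as an added example that is not part of this gist: two sources (AWS WAF logs and Security Hub findings in ASFF) are mapped onto one common schema, WAF ALLOW events are dropped as noise, and a threshold rule plus a cross-source correlation rule are run over the result. The common-schema field names, the sample records, and the threshold are assumptions made for the example; the WAF and ASFF field names are the real ones.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample input: AWS WAF log records (real WAF field layout, made-up
# values) and one Security Hub finding in ASFF, all as JSON lines.
def _waf(ip, action, uri, ts_ms):
    return json.dumps({
        "timestamp": ts_ms,
        "webaclId": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/demo/1",
        "terminatingRuleId": "AWSManagedRulesSQLiRuleSet" if action == "BLOCK" else "Default_Action",
        "action": action,
        "httpRequest": {"clientIp": ip, "uri": uri, "httpMethod": "GET"},
    })

SAMPLE_LINES = [_waf("203.0.113.7", "BLOCK", "/login?id=1'--", 1700000000000 + i * 1000) for i in range(4)]
SAMPLE_LINES += [
    _waf("198.51.100.2", "ALLOW", "/", 1700000005000),
    _waf("198.51.100.9", "BLOCK", "/.env", 1700000006000),
    json.dumps({"SchemaVersion": "2018-10-08", "Id": "demo-finding-1", "ProductName": "GuardDuty",
                "UpdatedAt": "2023-11-14T22:13:27Z", "Title": "Recon:EC2/PortProbeUnprotectedPort",
                "Severity": {"Label": "MEDIUM"}, "Network": {"SourceIpV4": "198.51.100.9"}}),
]

# Common schema (an assumption for this example): time, source, action, src_ip, severity, summary
def _iso(epoch_ms):
    return datetime.fromtimestamp(epoch_ms / 1000, tz=timezone.utc).isoformat()

def normalize_waf(rec):
    """Map one AWS WAF log record onto the common schema."""
    req = rec["httpRequest"]
    return {
        "time": _iso(rec["timestamp"]),
        "source": "aws.waf",
        "action": rec["action"],  # ALLOW, BLOCK or COUNT
        "src_ip": req["clientIp"],
        "severity": 3 if rec["action"] == "BLOCK" else 1,
        "summary": f'{req["httpMethod"]} {req["uri"]} {rec["action"]} by {rec.get("terminatingRuleId")}',
    }

def normalize_asff(finding):
    """Map one Security Hub finding (ASFF) onto the common schema."""
    label_to_num = {"INFORMATIONAL": 1, "LOW": 2, "MEDIUM": 3, "HIGH": 4, "CRITICAL": 5}
    return {
        "time": finding["UpdatedAt"],
        "source": finding["ProductName"].lower(),
        "action": "FINDING",
        "src_ip": finding.get("Network", {}).get("SourceIpV4"),
        "severity": label_to_num[finding["Severity"]["Label"]],
        "summary": finding["Title"],
    }

def normalize(line):
    """Recognize the source from the record's own fields and normalize it."""
    rec = json.loads(line)
    if "webaclId" in rec:
        return normalize_waf(rec)
    if rec.get("SchemaVersion") == "2018-10-08":
        return normalize_asff(rec)
    raise ValueError("unknown log source: " + line[:60])

def keep(event):
    """Log discarding: WAF ALLOW events are volume without signal here, so drop them."""
    return not (event["source"] == "aws.waf" and event["action"] == "ALLOW")

def detect(events, threshold=3):
    """Two rules: an IP blocked by WAF at least `threshold` times, and a WAF block
    whose source IP also appears in a finding from another product."""
    blocks, finding_ips = defaultdict(int), set()
    for e in events:
        if e["source"] == "aws.waf" and e["action"] == "BLOCK":
            blocks[e["src_ip"]] += 1
        elif e["action"] == "FINDING" and e["src_ip"]:
            finding_ips.add(e["src_ip"])
    alerts = []
    for ip, n in blocks.items():
        if n >= threshold:
            alerts.append({"rule": "waf-repeat-block", "src_ip": ip, "count": n})
        if ip in finding_ips:
            alerts.append({"rule": "waf-block-corroborated-by-finding", "src_ip": ip})
    return alerts

def run(lines, threshold=3):
    """Pipeline: normalize -> discard noise -> detect. Returns (kept events, alerts)."""
    events = [e for e in map(normalize, lines) if keep(e)]
    return events, detect(events, threshold)

if __name__ == "__main__":
    kept, alerts = run(SAMPLE_LINES)
    print(f"{len(SAMPLE_LINES)} lines in, {len(kept)} events kept")
    for a in alerts:
        print(a)
```

In the AWS design the same decisions live in an OpenSearch Ingestion pipeline (the mapping and drop steps) and in an Alerting monitor (the rules); a local harness like this one is how to test those decisions against captured records before changing the pipeline, and the source-detection step in `normalize` is what makes a single pipeline safe to point at a mixed S3 prefix.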

Architectures

  1. Using AWS Security Hub and Amazon OpenSearch Service [architecture diagram]
  2. Amazon Security Lake to Amazon OpenSearch Service [architecture diagram]
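The Alerting row of the stack table and the SNS-to-SOC path in the attached diagram, as an added example (not code from this gist): the JSON body of an OpenSearch Alerting query-level monitor that implements a "one client IP blocked by WAF N times in the last five minutes" rule server-side, with a Python mirror of its Painless trigger condition so the condition can be checked against a constructed search response before the monitor is created. The index pattern, the field names `action`, `time` and `src_ip`, the notification channel id, and the threshold are assumptions; the monitor, trigger, and action fields are the Alerting plugin's real ones.

```python
def painless_condition(threshold):
    """Trigger script run by the Alerting plugin: fires when any bucket meets the threshold."""
    return (
        "for (b in ctx.results[0].aggregations.by_ip.buckets) "
        f"{{ if (b.doc_count >= {threshold}) {{ return true; }} }} return false;"
    )

def build_monitor(index_pattern, channel_id, threshold=20, window="5m"):
    """Body for POST _plugins/_alerting/monitors. `index_pattern` and `channel_id`
    are deployment-specific (assumptions); the field names match the example schema."""
    return {
        "type": "monitor",
        "name": "waf-repeat-block",
        "monitor_type": "query_level_monitor",
        "enabled": True,
        "schedule": {"period": {"interval": 5, "unit": "MINUTES"}},
        "inputs": [{"search": {
            "indices": [index_pattern],
            "query": {
                "size": 0,  # only the aggregation is needed, not the hits
                "query": {"bool": {"filter": [
                    {"term": {"action": "BLOCK"}},
                    {"range": {"time": {"gte": f"now-{window}"}}},
                ]}},
                "aggs": {"by_ip": {"terms": {"field": "src_ip", "size": 50}}},
            },
        }}],
        "triggers": [{
            "name": f"ip blocked >= {threshold} times in {window}",
            "severity": "2",
            "condition": {"script": {"source": painless_condition(threshold), "lang": "painless"}},
            "actions": [{
                "name": "notify-soc",
                "destination_id": channel_id,  # notification channel bound to the SNS topic
                "subject_template": {"source": "[{{ctx.monitor.name}}] repeat WAF blocks", "lang": "mustache"},
                "message_template": {
                    "source": "{{#ctx.results.0.aggregations.by_ip.buckets}}{{key}}: {{doc_count}} blocks\n"
                              "{{/ctx.results.0.aggregations.by_ip.buckets}}",
                    "lang": "mustache",
                },
                # throttle so a sustained attack does not page the SOC every 5 minutes
                "throttle_enabled": True,
                "throttle": {"value": 10, "unit": "MINUTES"},
            }],
        }],
    }

def trigger_fires(search_response, threshold):
    """Python mirror of painless_condition, for testing the rule against sample data."""
    buckets = search_response["aggregations"]["by_ip"]["buckets"]
    return any(b["doc_count"] >= threshold for b in buckets)

# Constructed sample response shaped like what the monitor's search would return.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 27}},
    "aggregations": {"by_ip": {"buckets": [
        {"key": "203.0.113.7", "doc_count": 24},
        {"key": "198.51.100.9", "doc_count": 3},
    ]}},
}

if __name__ == "__main__":
    import json
    print(json.dumps(build_monitor("waf-logs-*", "<channel-id>"), indent=2))
    print("fires at 20:", trigger_fires(SAMPLE_RESPONSE, 20))
    print("fires at 30:", trigger_fires(SAMPLE_RESPONSE, 30))
```

Create the monitor with a SigV4-signed `POST _plugins/_alerting/monitors` against the domain endpoint; with fine-grained access control enabled the caller needs the `alerting_full_access` role (or an equivalent custom role), and the `destination_id` must be a notification channel that has already been created for the SNS topic the SOC subscribes to.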

References

Other videos

{
"type": "excalidraw",
"version": 2,
"source": "https://excalidraw.com",
"elements": [
{
"id": "cg8oZyeT5QY_fJhisuQaX",
"type": "rectangle",
"x": 686,
"y": -564,
"width": 288,
"height": 85,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 3
},
"seed": 1205426475,
"version": 377,
"versionNonce": 1855847109,
"isDeleted": false,
"boundElements": [
{
"type": "text",
"id": "T9juaWAQZVSjnHLYpzsbd"
},
{
"id": "phn67wzlR_BP-_0-zBJ_c",
"type": "arrow"
},
{
"id": "dqyjMZvXsCzIA00rv8g35",
"type": "arrow"
},
{
"id": "-dsLUu8amq-768T6MXti_",
"type": "arrow"
},
{
"id": "_R0c0VrzZKAb1UKi0iSoA",
"type": "arrow"
}
],
"updated": 1702477202760,
"link": null,
"locked": false
},
{
"id": "T9juaWAQZVSjnHLYpzsbd",
"type": "text",
"x": 726.125,
"y": -546.5,
"width": 207.75,
"height": 50,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 1368766251,
"version": 343,
"versionNonce": 2096912933,
"isDeleted": false,
"boundElements": null,
"updated": 1702477202760,
"link": null,
"locked": false,
"text": "OpenSearch Ingestion\nserverless",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "center",
"verticalAlign": "middle",
"baseline": 43,
"containerId": "cg8oZyeT5QY_fJhisuQaX",
"originalText": "OpenSearch Ingestion\nserverless",
"lineHeight": 1.25
},
{
"id": "7_Fhb5whYPBdrCUWNPeHP",
"type": "diamond",
"x": 234,
"y": -579,
"width": 121,
"height": 120,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 483730821,
"version": 162,
"versionNonce": 358822699,
"isDeleted": false,
"boundElements": [
{
"type": "text",
"id": "OB4IRGEVlV_dydNsQDumw"
},
{
"id": "dqyjMZvXsCzIA00rv8g35",
"type": "arrow"
}
],
"updated": 1702475986006,
"link": null,
"locked": false
},
{
"id": "OB4IRGEVlV_dydNsQDumw",
"type": "text",
"x": 274.99166679382324,
"y": -531.5,
"width": 39.516666412353516,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 1698008485,
"version": 223,
"versionNonce": 1552520651,
"isDeleted": false,
"boundElements": null,
"updated": 1702475986006,
"link": null,
"locked": false,
"text": "WAF",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "center",
"verticalAlign": "middle",
"baseline": 18,
"containerId": "7_Fhb5whYPBdrCUWNPeHP",
"originalText": "WAF",
"lineHeight": 1.25
},
{
"id": "dqyjMZvXsCzIA00rv8g35",
"type": "arrow",
"x": 354.3248315079529,
"y": -523.6695885871541,
"width": 327.6751684920471,
"height": 10.165885570037858,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 2070737803,
"version": 1321,
"versionNonce": 1495919269,
"isDeleted": false,
"boundElements": [
{
"type": "text",
"id": "NgUuamo-j2OfUzMMsDzya"
}
],
"updated": 1702477202776,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
327.6751684920471,
10.165885570037858
]
],
"lastCommittedPoint": null,
"startBinding": {
"elementId": "7_Fhb5whYPBdrCUWNPeHP",
"focus": -0.10867477331586103,
"gap": 2.8401388871768063
},
"endBinding": {
"elementId": "cg8oZyeT5QY_fJhisuQaX",
"focus": -0.2680128004840285,
"gap": 4
},
"startArrowhead": null,
"endArrowhead": "arrow"
},
{
"id": "NgUuamo-j2OfUzMMsDzya",
"type": "text",
"x": 430.85921648896806,
"y": -532.4373193665689,
"width": 209.23333740234375,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 344358123,
"version": 24,
"versionNonce": 1379709003,
"isDeleted": false,
"boundElements": null,
"updated": 1702475982212,
"link": null,
"locked": false,
"text": "opentelemetry format",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "center",
"verticalAlign": "middle",
"baseline": 18,
"containerId": "dqyjMZvXsCzIA00rv8g35",
"originalText": "opentelemetry format",
"lineHeight": 1.25
},
{
"id": "phn67wzlR_BP-_0-zBJ_c",
"type": "arrow",
"x": 976,
"y": -514.4583965956468,
"width": 204.67676522074635,
"height": 241.66314097565896,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 1120046955,
"version": 1647,
"versionNonce": 1276043237,
"isDeleted": false,
"boundElements": null,
"updated": 1702477202776,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
204.67676522074635,
241.66314097565896
]
],
"lastCommittedPoint": null,
"startBinding": {
"elementId": "cg8oZyeT5QY_fJhisuQaX",
"focus": -0.7779988944168048,
"gap": 2
},
"endBinding": {
"elementId": "uH1pwXHJzecMW2Si3xGqD",
"focus": -0.4020570415291961,
"gap": 6.079443199537764
},
"startArrowhead": null,
"endArrowhead": "arrow"
},
{
"id": "uH1pwXHJzecMW2Si3xGqD",
"type": "ellipse",
"x": 1161,
"y": -293,
"width": 214,
"height": 132,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 219012389,
"version": 144,
"versionNonce": 1245762021,
"isDeleted": false,
"boundElements": [
{
"id": "phn67wzlR_BP-_0-zBJ_c",
"type": "arrow"
},
{
"id": "iZnI-iVTlEPYAzC58hRXs",
"type": "arrow"
}
],
"updated": 1702476562609,
"link": null,
"locked": false
},
{
"id": "fIBz77A0-WgMKk-AZ5CL2",
"type": "text",
"x": 1248,
"y": -245,
"width": 25.78333282470703,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 457869765,
"version": 3,
"versionNonce": 551361099,
"isDeleted": false,
"boundElements": null,
"updated": 1702475702145,
"link": null,
"locked": false,
"text": "S3",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "left",
"verticalAlign": "top",
"baseline": 18,
"containerId": null,
"originalText": "S3",
"lineHeight": 1.25
},
{
"id": "05VhxvTB9n1aPvBFnYJu1",
"type": "rectangle",
"x": 1200,
"y": -714,
"width": 323,
"height": 211,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 3
},
"seed": 1431126923,
"version": 325,
"versionNonce": 1565284939,
"isDeleted": false,
"boundElements": [
{
"type": "text",
"id": "oiwP0-YEOLPxDiVd_MzBj"
},
{
"id": "-dsLUu8amq-768T6MXti_",
"type": "arrow"
},
{
"id": "iZnI-iVTlEPYAzC58hRXs",
"type": "arrow"
}
],
"updated": 1702477222859,
"link": null,
"locked": false
},
{
"id": "oiwP0-YEOLPxDiVd_MzBj",
"type": "text",
"x": 1306.7000007629395,
"y": -621,
"width": 109.5999984741211,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 499577675,
"version": 296,
"versionNonce": 385931499,
"isDeleted": false,
"boundElements": null,
"updated": 1702477222859,
"link": null,
"locked": false,
"text": "OpenSearch",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "center",
"verticalAlign": "middle",
"baseline": 18,
"containerId": "05VhxvTB9n1aPvBFnYJu1",
"originalText": "OpenSearch",
"lineHeight": 1.25
},
{
"id": "lWtHPvKVyu3y4YtOnS7hu",
"type": "text",
"x": 1036,
"y": -278,
"width": 115.21666717529297,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 427136549,
"version": 86,
"versionNonce": 80848741,
"isDeleted": false,
"boundElements": null,
"updated": 1702475791025,
"link": null,
"locked": false,
"text": "all raw logs",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "left",
"verticalAlign": "top",
"baseline": 18,
"containerId": null,
"originalText": "all raw logs",
"lineHeight": 1.25
},
{
"id": "mKtSELd1FE-GeXXFgr6WG",
"type": "text",
"x": 1377,
"y": -239,
"width": 132.53334045410156,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 1348173541,
"version": 52,
"versionNonce": 1332429323,
"isDeleted": false,
"boundElements": null,
"updated": 1702476565649,
"link": null,
"locked": false,
"text": "opentelemetry",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "left",
"verticalAlign": "top",
"baseline": 18,
"containerId": null,
"originalText": "opentelemetry",
"lineHeight": 1.25
},
{
"id": "-dsLUu8amq-768T6MXti_",
"type": "arrow",
"x": 976,
"y": -523.0176213715581,
"width": 221,
"height": 81.90936692124467,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 587249125,
"version": 1860,
"versionNonce": 759814699,
"isDeleted": false,
"boundElements": null,
"updated": 1702477222859,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
221,
-81.90936692124467
]
],
"lastCommittedPoint": null,
"startBinding": {
"elementId": "cg8oZyeT5QY_fJhisuQaX",
"focus": 0.5463003987594153,
"gap": 2
},
"endBinding": {
"elementId": "05VhxvTB9n1aPvBFnYJu1",
"focus": 0.3471022030519565,
"gap": 3
},
"startArrowhead": null,
"endArrowhead": "arrow"
},
{
"id": "RcLOp5Zp6Ox3jpRDYwYrX",
"type": "text",
"x": 999,
"y": -645,
"width": 102.33333587646484,
"height": 50,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 1522909483,
"version": 220,
"versionNonce": 419856267,
"isDeleted": false,
"boundElements": null,
"updated": 1702476871062,
"link": null,
"locked": false,
"text": "sampling\naggreation",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "left",
"verticalAlign": "top",
"baseline": 43,
"containerId": null,
"originalText": "sampling\naggreation",
"lineHeight": 1.25
},
{
"id": "jmfmaduwm1UL_QHq58QKk",
"type": "line",
"x": 746,
"y": -480,
"width": 6,
"height": 270,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 422362795,
"version": 38,
"versionNonce": 739268357,
"isDeleted": false,
"boundElements": null,
"updated": 1702475850390,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
-6,
270
]
],
"lastCommittedPoint": null,
"startBinding": null,
"endBinding": null,
"startArrowhead": null,
"endArrowhead": null
},
{
"id": "QskJu_Nkp16t_m93oTUrV",
"type": "text",
"x": 755,
"y": -455,
"width": 123.96666717529297,
"height": 125,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 1347426757,
"version": 64,
"versionNonce": 835191205,
"isDeleted": false,
"boundElements": null,
"updated": 1702475886707,
"link": null,
"locked": false,
"text": "configuration\nYML \n\n400x\n500x",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "left",
"verticalAlign": "top",
"baseline": 118,
"containerId": null,
"originalText": "configuration\nYML \n\n400x\n500x",
"lineHeight": 1.25
},
{
"type": "text",
"version": 198,
"versionNonce": 953747371,
"isDeleted": false,
"id": "_WlJ38v0pQqmQEpSQLXZ2",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"angle": 0,
"x": 750.8333320617676,
"y": -323,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"width": 102.33333587646484,
"height": 50,
"seed": 1512867947,
"groupIds": [],
"frameId": null,
"roundness": null,
"boundElements": [],
"updated": 1702475891707,
"link": null,
"locked": false,
"fontSize": 20,
"fontFamily": 1,
"text": "sampling\naggreation",
"textAlign": "left",
"verticalAlign": "top",
"containerId": null,
"originalText": "sampling\naggreation",
"lineHeight": 1.25,
"baseline": 43
},
{
"id": "Fub01JKgsHckQaLSXDsYP",
"type": "text",
"x": 746,
"y": -241,
"width": 185,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 1256721259,
"version": 34,
"versionNonce": 1077056395,
"isDeleted": false,
"boundElements": null,
"updated": 1702475942673,
"link": null,
"locked": false,
"text": "Real-time anomaly ",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "left",
"verticalAlign": "top",
"baseline": 18,
"containerId": null,
"originalText": "Real-time anomaly ",
"lineHeight": 1.25
},
{
"id": "_R0c0VrzZKAb1UKi0iSoA",
"type": "arrow",
"x": 736.959386227911,
"y": -571,
"width": 4.608713524705536,
"height": 160.8550520102291,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 2087236357,
"version": 688,
"versionNonce": 2054221861,
"isDeleted": false,
"boundElements": null,
"updated": 1702477202778,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
4.608713524705536,
-160.8550520102291
]
],
"lastCommittedPoint": null,
"startBinding": {
"elementId": "cg8oZyeT5QY_fJhisuQaX",
"focus": -0.6504589114194237,
"gap": 7
},
"endBinding": {
"elementId": "MWFke0nwI0vVbTIPkDezk",
"focus": 0.024795589520442366,
"gap": 1
},
"startArrowhead": null,
"endArrowhead": "arrow"
},
{
"id": "MWFke0nwI0vVbTIPkDezk",
"type": "diamond",
"x": 679,
"y": -824,
"width": 130.99999999999997,
"height": 93,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 1080397515,
"version": 172,
"versionNonce": 217763339,
"isDeleted": false,
"boundElements": [
{
"type": "text",
"id": "C4BjB1_p4vXogI8U1U5sF"
},
{
"id": "KCfvY6GHXmhBsfoLccYnB",
"type": "arrow"
},
{
"id": "_R0c0VrzZKAb1UKi0iSoA",
"type": "arrow"
}
],
"updated": 1702476864650,
"link": null,
"locked": false
},
{
"id": "C4BjB1_p4vXogI8U1U5sF",
"type": "text",
"x": 725.6416664123535,
"y": -789.75,
"width": 37.21666717529297,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 1005890091,
"version": 248,
"versionNonce": 39933765,
"isDeleted": false,
"boundElements": null,
"updated": 1702476864529,
"link": null,
"locked": false,
"text": "SNS",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "center",
"verticalAlign": "middle",
"baseline": 18,
"containerId": "MWFke0nwI0vVbTIPkDezk",
"originalText": "SNS",
"lineHeight": 1.25
},
{
"id": "KCfvY6GHXmhBsfoLccYnB",
"type": "arrow",
"x": 749.7385786410025,
"y": -821.5073824126215,
"width": 210.3918517070167,
"height": 46.894528148282234,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 282407301,
"version": 270,
"versionNonce": 655238885,
"isDeleted": false,
"boundElements": null,
"updated": 1702476865329,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
210.3918517070167,
-46.894528148282234
]
],
"lastCommittedPoint": null,
"startBinding": {
"elementId": "MWFke0nwI0vVbTIPkDezk",
"focus": -0.9212853406401794,
"gap": 1
},
"endBinding": {
"elementId": "0w-rH5-ac3tXPwouK9yzH",
"focus": 0.13260515411840165,
"gap": 6.001963753632921
},
"startArrowhead": null,
"endArrowhead": "arrow"
},
{
"id": "0w-rH5-ac3tXPwouK9yzH",
"type": "ellipse",
"x": 966,
"y": -922,
"width": 85,
"height": 99,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 129022475,
"version": 109,
"versionNonce": 1598122789,
"isDeleted": false,
"boundElements": [
{
"type": "text",
"id": "qei3KZcaQku15_Fwhrvfl"
},
{
"id": "KCfvY6GHXmhBsfoLccYnB",
"type": "arrow"
}
],
"updated": 1702476473967,
"link": null,
"locked": false
},
{
"id": "qei3KZcaQku15_Fwhrvfl",
"type": "text",
"x": 988.6646289748646,
"y": -885.0017856687341,
"width": 39.56666564941406,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 1163850885,
"version": 89,
"versionNonce": 2089991813,
"isDeleted": false,
"boundElements": null,
"updated": 1702476473967,
"link": null,
"locked": false,
"text": "SOC",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "center",
"verticalAlign": "middle",
"baseline": 18,
"containerId": "0w-rH5-ac3tXPwouK9yzH",
"originalText": "SOC",
"lineHeight": 1.25
},
{
"id": "kfKk4a6EwEq0KCH1iGLfu",
"type": "ellipse",
"x": 383,
"y": 135,
"width": 96,
"height": 90,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 772200523,
"version": 143,
"versionNonce": 1010722603,
"isDeleted": false,
"boundElements": [
{
"type": "text",
"id": "ukasCVKKU_YZA7j_kpY32"
}
],
"updated": 1702476287958,
"link": null,
"locked": false
},
{
"id": "ukasCVKKU_YZA7j_kpY32",
"type": "text",
"x": 418.16720809069216,
"y": 167.68019484660536,
"width": 25.78333282470703,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 449319397,
"version": 116,
"versionNonce": 1776175563,
"isDeleted": false,
"boundElements": null,
"updated": 1702476287958,
"link": null,
"locked": false,
"text": "S3",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "center",
"verticalAlign": "middle",
"baseline": 18,
"containerId": "kfKk4a6EwEq0KCH1iGLfu",
"originalText": "S3",
"lineHeight": 1.25
},
{
"id": "iYWvvax3eSoWipu20exNy",
"type": "rectangle",
"x": 622,
"y": 61,
"width": 672,
"height": 211,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 3
},
"seed": 281928773,
"version": 239,
"versionNonce": 2067282725,
"isDeleted": false,
"boundElements": [
{
"id": "I7wVBp3BhPV5iGhOBbRQj",
"type": "arrow"
}
],
"updated": 1702477770586,
"link": null,
"locked": false
},
{
"id": "6ZDqWXGRpORos_YtwPEYo",
"type": "text",
"x": 688,
"y": 76,
"width": 271.26666259765625,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 1680897253,
"version": 99,
"versionNonce": 476615435,
"isDeleted": false,
"boundElements": null,
"updated": 1702476287958,
"link": null,
"locked": false,
"text": "Logging / Security Account",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "left",
"verticalAlign": "top",
"baseline": 18,
"containerId": null,
"originalText": "Logging / Security Account",
"lineHeight": 1.25
},
{
"type": "ellipse",
"version": 158,
"versionNonce": 1066924459,
"isDeleted": false,
"id": "0_GUNy0tcfcqntxmXoVGO",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"angle": 0,
"x": 459,
"y": 1,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"width": 96,
"height": 90,
"seed": 1916301765,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"boundElements": [
{
"type": "text",
"id": "rChEHnd8PkfoHVsGYc1z7"
}
],
"updated": 1702476287958,
"link": null,
"locked": false
},
{
"type": "text",
"version": 131,
"versionNonce": 560041035,
"isDeleted": false,
"id": "rChEHnd8PkfoHVsGYc1z7",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"angle": 0,
"x": 494.16720809069216,
"y": 33.68019484660536,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"width": 25.78333282470703,
"height": 25,
"seed": 875557157,
"groupIds": [],
"frameId": null,
"roundness": null,
"boundElements": [],
"updated": 1702476287958,
"link": null,
"locked": false,
"fontSize": 20,
"fontFamily": 1,
"text": "S3",
"textAlign": "center",
"verticalAlign": "middle",
"containerId": "0_GUNy0tcfcqntxmXoVGO",
"originalText": "S3",
"lineHeight": 1.25,
"baseline": 18
},
{
"id": "aix1BVdwbxp3UF_K5RKB8",
"type": "ellipse",
"x": 678,
"y": 157,
"width": 91,
"height": 71,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 1762332395,
"version": 134,
"versionNonce": 1168100075,
"isDeleted": false,
"boundElements": [
{
"type": "text",
"id": "JHReIQfmr35vaYM_wBZyZ"
}
],
"updated": 1702476287958,
"link": null,
"locked": false
},
{
"id": "JHReIQfmr35vaYM_wBZyZ",
"type": "text",
"x": 710.4349750436586,
"y": 179.89770926787756,
"width": 25.78333282470703,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 588057451,
"version": 120,
"versionNonce": 1356674443,
"isDeleted": false,
"boundElements": null,
"updated": 1702476287958,
"link": null,
"locked": false,
"text": "S3",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "center",
"verticalAlign": "middle",
"baseline": 18,
"containerId": "aix1BVdwbxp3UF_K5RKB8",
"originalText": "S3",
"lineHeight": 1.25
},
{
"id": "qiLyJunSPHLJVqzaBMxEx",
"type": "arrow",
"x": 547,
"y": 55,
"width": 143,
"height": 133,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 603087947,
"version": 92,
"versionNonce": 1918127147,
"isDeleted": false,
"boundElements": null,
"updated": 1702476287958,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
143,
133
]
],
"lastCommittedPoint": null,
"startBinding": null,
"endBinding": null,
"startArrowhead": null,
"endArrowhead": "arrow"
},
{
"id": "IiJQ-LtJFuwwm60wLpl_C",
"type": "arrow",
"x": 464,
"y": 185,
"width": 220,
"height": 4,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 1317045669,
"version": 114,
"versionNonce": 233803467,
"isDeleted": false,
"boundElements": null,
"updated": 1702476287958,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
220,
4
]
],
"lastCommittedPoint": null,
"startBinding": null,
"endBinding": null,
"startArrowhead": null,
"endArrowhead": "arrow"
},
{
"id": "9DzcIRU2OLivjoqpqNiOA",
"type": "rectangle",
"x": 934,
"y": 137,
"width": 288,
"height": 107,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 3
},
"seed": 1506385733,
"version": 126,
"versionNonce": 642350443,
"isDeleted": false,
"boundElements": null,
"updated": 1702476287958,
"link": null,
"locked": false
},
{
"id": "kR3AHPJ2SechstIOFw4f0",
"type": "text",
"x": 955,
"y": 182,
"width": 128.38333129882812,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 474651301,
"version": 78,
"versionNonce": 111974411,
"isDeleted": false,
"boundElements": null,
"updated": 1702476287958,
"link": null,
"locked": false,
"text": "SIEM STACK",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "left",
"verticalAlign": "top",
"baseline": 18,
"containerId": null,
"originalText": "SIEM STACK",
"lineHeight": 1.25
},
{
"id": "YhW2IB_JDyTY0vHGSwbbr",
"type": "diamond",
"x": 1383,
"y": 4,
"width": 62,
"height": 170,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 1618662859,
"version": 86,
"versionNonce": 756244139,
"isDeleted": false,
"boundElements": [
{
"type": "text",
"id": "v55XbsT5XICii0Q_v0Dbf"
},
{
"id": "I7wVBp3BhPV5iGhOBbRQj",
"type": "arrow"
}
],
"updated": 1702476287958,
"link": null,
"locked": false
},
{
"id": "v55XbsT5XICii0Q_v0Dbf",
"type": "text",
"x": 1406.7416667938232,
"y": 51.5,
"width": 14.516666412353516,
"height": 75,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 427336267,
"version": 71,
"versionNonce": 1948799307,
"isDeleted": false,
"boundElements": null,
"updated": 1702476287958,
"link": null,
"locked": false,
"text": "S\nO\nC",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "center",
"verticalAlign": "middle",
"baseline": 68,
"containerId": "YhW2IB_JDyTY0vHGSwbbr",
"originalText": "SOC",
"lineHeight": 1.25
},
{
"id": "I7wVBp3BhPV5iGhOBbRQj",
"type": "arrow",
"x": 1382.1704473611717,
"y": 90.46735566772873,
"width": 87.17044736117168,
"height": 35.12928128881026,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 1726718533,
"version": 210,
"versionNonce": 1781324645,
"isDeleted": false,
"boundElements": null,
"updated": 1702477770620,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
-87.17044736117168,
35.12928128881026
]
],
"lastCommittedPoint": null,
"startBinding": {
"elementId": "YhW2IB_JDyTY0vHGSwbbr",
"focus": 0.1336898395721925,
"gap": 1.2821006461832702
},
"endBinding": {
"elementId": "iYWvvax3eSoWipu20exNy",
"focus": 0.393954027429013,
"gap": 1
},
"startArrowhead": null,
"endArrowhead": "arrow"
},
{
"id": "QQeEId1KbCHWzohpiYb-0",
"type": "rectangle",
"x": 793,
"y": 158,
"width": 83.99999999999999,
"height": 46,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 3
},
"seed": 1339361573,
"version": 166,
"versionNonce": 2020946219,
"isDeleted": false,
"boundElements": [
{
"type": "text",
"id": "cesHPl0R9iSwryaJgbXpo"
},
{
"id": "TqI6rUDvD7f8ujVigJLIE",
"type": "arrow"
}
],
"updated": 1702476287958,
"link": null,
"locked": false
},
{
"id": "cesHPl0R9iSwryaJgbXpo",
"type": "text",
"x": 801.1416664123535,
"y": 168.5,
"width": 67.71666717529297,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 94887301,
"version": 171,
"versionNonce": 1219220427,
"isDeleted": false,
"boundElements": null,
"updated": 1702476287958,
"link": null,
"locked": false,
"text": "schema",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "center",
"verticalAlign": "middle",
"baseline": 18,
"containerId": "QQeEId1KbCHWzohpiYb-0",
"originalText": "schema",
"lineHeight": 1.25
},
{
"id": "TqI6rUDvD7f8ujVigJLIE",
"type": "arrow",
"x": 882,
"y": 184,
"width": 57,
"height": 1,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 1221074635,
"version": 181,
"versionNonce": 1770164901,
"isDeleted": false,
"boundElements": null,
"updated": 1702476288057,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
57,
1
]
],
"lastCommittedPoint": null,
"startBinding": {
"elementId": "QQeEId1KbCHWzohpiYb-0",
"focus": 0.09164818920916482,
"gap": 5
},
"endBinding": null,
"startArrowhead": null,
"endArrowhead": "arrow"
},
{
"id": "iZnI-iVTlEPYAzC58hRXs",
"type": "arrow",
"x": 1315.9859340190417,
"y": -287.36725998599354,
"width": 5.969534671881547,
"height": 213.63274001400646,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"seed": 48371269,
"version": 1058,
"versionNonce": 1337166699,
"isDeleted": false,
"boundElements": null,
"updated": 1702477222859,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
5.969534671881547,
-213.63274001400646
]
],
"lastCommittedPoint": null,
"startBinding": {
"elementId": "uH1pwXHJzecMW2Si3xGqD",
"focus": 0.4325873209122898,
"gap": 1.3330534312326563
},
"endBinding": {
"elementId": "05VhxvTB9n1aPvBFnYJu1",
"focus": 0.22220194141997232,
"gap": 2
},
"startArrowhead": null,
"endArrowhead": "arrow"
},
{
"id": "vXxS-I7e3FJ9yP6Exz0jH",
"type": "text",
"x": 1339,
"y": -413,
"width": 240.56666564941406,
"height": 50,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 1911617989,
"version": 51,
"versionNonce": 1540567787,
"isDeleted": false,
"boundElements": null,
"updated": 1702476584138,
"link": null,
"locked": false,
"text": "Zero ETL - S3 (spark)\nLive S3 data on-demand",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "left",
"verticalAlign": "top",
"baseline": 43,
"containerId": null,
"originalText": "Zero ETL - S3 (spark)\nLive S3 data on-demand",
"lineHeight": 1.25
},
{
"id": "YUddBBByrEQDc8J72xMEB",
"type": "text",
"x": 331,
"y": -284,
"width": 288.5333251953125,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 600401515,
"version": 30,
"versionNonce": 1825508997,
"isDeleted": false,
"boundElements": null,
"updated": 1702476837762,
"link": null,
"locked": false,
"text": "fluentbit--> Lamda --> AOS ",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "left",
"verticalAlign": "top",
"baseline": 18,
"containerId": null,
"originalText": "fluentbit--> Lamda --> AOS ",
"lineHeight": 1.25
},
{
"id": "cx5N7oG_Ad_Y6Wgdz6IY6",
"type": "rectangle",
"x": 304,
"y": -312,
"width": 333.99999999999994,
"height": 78,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 3
},
"seed": 1670414091,
"version": 88,
"versionNonce": 1091913285,
"isDeleted": false,
"boundElements": null,
"updated": 1702476831846,
"link": null,
"locked": false
},
{
"id": "Gz-qrz2SSQzzPb6TqjvL-",
"type": "text",
"x": 788,
"y": -594,
"width": 136.53334045410156,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 0,
"opacity": 100,
"groupIds": [],
"frameId": null,
"roundness": null,
"seed": 792334443,
"version": 17,
"versionNonce": 1889736133,
"isDeleted": false,
"boundElements": null,
"updated": 1702477197789,
"link": null,
"locked": false,
"text": "http://piipleine",
"fontSize": 20,
"fontFamily": 1,
"textAlign": "left",
"verticalAlign": "top",
"baseline": 18,
"containerId": null,
"originalText": "http://piipleine",
"lineHeight": 1.25
}
],
"appState": {
"gridSize": null,
"viewBackgroundColor": "#ffffff"
},
"files": {}
}