Guys?
Also posted a reminder to the Slack channel.
Hi @neographikal -
Thanks for reaching out in slack. Sometimes the different ways we gather information can get a bit muddled. Iāve forwarded your message to our documentation manager to see if we can get some movement forward.
Letās not forget that if you end up learning something that doesnāt appear in the documentation, we would love for you to submit your work as a PR.
Right now, I think the best thing to do is to file very specific issues in the documentation repo indicating what information is missing and/or what doesnāt make sense or is incorrect.
Iāll keep tapping @hdhalter on the shoulder and see if thereās a plan to make the feature better.
Nate
Thanks for the nudge, @nateynate, and thanks for your persistence, @neographikal! We have been a bit underwater lately, but have some bandwidth to work on the updates to the security analytics documentation starting this week. The information provided in this post and the issue is very helpful in pointing out specific areas that need to be updated, and we really appreciate the time it took to write out the details. The tech writer, @Naarcha, will be in touch if there are any questions. Again, thanks for your patience and if there is anything else you need from the doc team, please reach out in Slack, GitHub, or in the forum.
Iām not shy when it comes to contributing to the docs, Iāve done it in the past. The problem is: I donāt know where to begin. I truly canāt make heads or tails from the log sources and mapping currently present in security analytics and Iāve tried a fair amount of log forwarders. Gathering from the messages on Slack and here Iām not alone.
The problem isnāt that it isnāt one thing that needs to be fixed. Itās applies to every log source. Thanks for all the effort!
Thanks! Weāll do our best to sort it out and make it understandable from a documentation standpoint.
Great thanks!
Any news?
Yes maāam!
@neographikal: Hereās a draft of the update log types documentation for your review: Add log types section to Security Analytics by Naarcha-AWS Ā· Pull Request #6235 Ā· opensearch-project/documentation-website Ā· GitHub.
I split each log type into its own page so it would be easier to find the mappings for each. Let me know your feedback.
Thanks for all the work! Itās kind of difficult because Iām looking at the diffs and the raw markup, is there a rendered version somewhere I could review?
Maybe I missed it, but has the ingest of the data been documented? How do you get the data in opensearch so that the security analytics module can parse it and generate alerts?
Hi @neographikal, let me make a few more edits and send you the screenshots of each page.
As far as the ingestion piece, thatās something I might need a little more assistant on. Would you be interested in meeting on a Zoom call so we can discuss it more?
Great thanks, sure no problem. You could send me an email at sander.vandegeijn@wur.nl so we can schedule a call.
Is there any news on this?
Afraid I donāt have any updates, tried to schedule an appointment to review de documentation, but it hasnāt been planned yet
Hi all! Recently, we added a new log types section which includes the data mappings for most standard log types. You can find that here: Supported log types - OpenSearch Documentation
Still would love to find the time to meet so considering starting a consistent office hours. If thatās something you would be interested in, let me know.
In the meantime, the best way to bring things to our attention is to post an issue in the documentation website repo.
Hi Naarcha,
Thank you for the effort, this gives some insight! But whatās missing is an effective guide on how to get the data in opensearch in these formats, which log ingesters / pipelines do you need to use? I tried to plan a meeting with Nate, but that hasnāt worked out.