Update AWS Services to make use of the discard_regex functionality #17388
Comments
Issue Update
Found that the methods used in the I have made the necessary modifications so the
Issue Update
Following the modifications previously mentioned, the Respecting how the The
Inspector
Command output Debug level 2
Command output Debug level 3
CloudWatch Logs
Discard simple text log
Command output Debug level 2
Command output Debug level 3
Discard JSON log
Command output Debug level 2
Command output Debug level 3
Conclusion
The manual testing passed; what remains to be done is executing the module's integration tests and updating them accordingly.
Issue Update
The AWS ITs have passed successfully:
Nevertheless, there were no cases to check the discard functionality for the
Also, the debug level for the logs that match the regex has been reestablished to 2 to maintain consistency with the messages for bucket cases.
Issue Update
The team has decided to modify the current behavior of the module. Currently, when the The ITs for
The documentation modifications are being added in wazuh/wazuh-documentation#6207.
Issue Update
The feature is required for the upcoming
Inspector
Command output Debug level 2
Command output Debug level 3
CloudWatch Logs
Discard simple text log
Command output Debug level 2
Command output Debug level 3
Discard JSON log
Command output Debug level 2
Command output Debug level 3
CloudTrail
Normal execution
ossec.conf
ossec.log
The development is already merged: The Moving the issue to blocked until merging the IT is possible.
Closing issue to not exceed code delivery ETA. AWS IT PR (wazuh/wazuh-qa#4278) cannot be merged until the development done in #17748 is pushed to all other branches.
Description
We have found that the current implementation of the AWS Services integrations (Inspector and CloudWatch Logs) does not make use of the discard_regex functionality although an example of a configuration using it can be found in the documentation. The integrations take the value of the parameter when instantiated but they do not use it to filter the events it fetches because they lack the logic required for discard_regex to work. We should make the necessary changes to make the proper use of the field available.
Tasks
discard_regex feature for the services integrations.
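The filtering step the description says is missing, as an added sketch that is not Wazuh's code and not part of the original issue: a fetched log is dropped when discard_regex matches the chosen field of a JSON log, or the whole line of a plain text log. The function names, the dotted-field lookup, the keep-on-missing-field rule and the sample logs are assumptions.

```python
import json
import re

# Constructed sample logs (not taken from the issue).
JSON_LOGS = [
    '{"source": "inspector", "finding": {"severity": "Informational"}}',
    '{"source": "inspector", "finding": {"severity": "High"}}',
    '{"source": "inspector"}',
]
TEXT_LOGS = [
    "healthcheck OK from 10.0.0.5",
    "Failed login for admin from 203.0.113.7",
]


def get_nested(event, dotted_field):
    """Follow a dotted path such as 'finding.severity'; None if a key is missing."""
    current = event
    for key in dotted_field.split("."):
        if not isinstance(current, dict) or key not in current:
            return None
        current = current[key]
    return current


def should_discard(raw_log, pattern, discard_field=None):
    """True when the log matches the discard pattern and must be dropped."""
    try:
        event = json.loads(raw_log)
    except ValueError:
        event = None  # plain text log
    if discard_field and isinstance(event, dict):
        value = get_nested(event, discard_field)
        # Assumption: an event without the field is kept, never silently dropped.
        return value is not None and pattern.search(str(value)) is not None
    # Assumption: plain text (or no field given) is matched as a whole line.
    return pattern.search(raw_log) is not None


def filter_events(raw_logs, discard_regex, discard_field=None):
    """Split fetched logs into (kept, discarded) so discards can be debug-logged."""
    pattern = re.compile(discard_regex)
    kept, discarded = [], []
    for raw_log in raw_logs:
        target = discarded if should_discard(raw_log, pattern, discard_field) else kept
        target.append(raw_log)
    return kept, discarded


if __name__ == "__main__":
    print(filter_events(JSON_LOGS, r"^Informational$", "finding.severity"))
    print(filter_events(TEXT_LOGS, r"^healthcheck "))
```

Returning the discarded list alongside the kept one lets the caller log every dropped event at debug level, which is how an over-broad pattern that hides security-relevant events gets noticed.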