* new log categories Signed-off-by: Heather Halter <hdhalter@amazon.com> * fixed topic name in link Signed-off-by: Heather Halter <hdhalter@amazon.com> * added log names to table Signed-off-by: Heather Halter <hdhalter@amazon.com> * Update log-types.md minor changes needed in the names would be Microsoft Azure for Azure, Linux System logs instead of Sys logs Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> * Update log-types.md Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> * remove log name column Signed-off-by: Heather Halter <hdhalter@amazon.com> * remove table column formatting Signed-off-by: Heather Halter <hdhalter@amazon.com> * Update _security-analytics/sec-analytics-config/custom-log-type.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> * Update _security-analytics/sec-analytics-config/log-types.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> * Update _security-analytics/sec-analytics-config/log-types.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> * Update _security-analytics/sec-analytics-config/log-types.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> * Update _security-analytics/sec-analytics-config/log-types.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> * Update _security-analytics/sec-analytics-config/log-types.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> * Update _security-analytics/sec-analytics-config/log-types.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> 
* Update _security-analytics/sec-analytics-config/log-types.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> * Apply suggestions from code review Editorial updates. Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> * Update log-types.md Fixed case in table. Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> * Update log-types.md Double-checked the UI and category names are capitalized. Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> * Update _security-analytics/sec-analytics-config/log-types.md Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> --------- Signed-off-by: Heather Halter <hdhalter@amazon.com> Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Nathan Bower <nbower@amazon.com>
| layout | title | parent | nav_order |
|---|---|---|---|
| default | Creating custom log types | Setting up Security Analytics | 18 |
Creating custom log types
Log types represent the different sources of data used for threat detection in Security Analytics. In addition to the standard log types supported by Security Analytics, you can create custom log types for your threat detectors.
Creating a custom log type
To create a custom log type:
- From the dashboard, select OpenSearch Plugins > Security Analytics, and then select Detectors > Log types.
- Select Create log type.
- Enter a name and, optionally, a description for the log type.

  Note: The log type name supports characters a-z (lowercase), 0-9, hyphens, and underscores.
- Select a category. The categories are listed in Supported log types.
- Select Create log type in the lower-right corner of the screen. The screen returns to the Log types page, and the new log type appears in the list. Note that the source for the new log type indicates Custom.
Log type API
To perform operations for custom log types using the REST API, see Log type APIs.