bumpup to v2.10.3 and updated CHANGELOG

CHANGELOG.md

@@ -6,16 +6,33 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.10.3] - 2024-04-21
+### Added
+- Added support for a method to directly ingest logs from the S3 bucket of Security Lake #443
+- Promoted RDS (MySQL/PostgreSQL) from experimental support to official support and added a log-exporter for RDS #416,#425
+- Added support for parsing nanoseconds in ISO 8601 format #421,#422
+
+### Changed
+- Changed Lambda runtime from Python 3.8/3.9 to Python 3.11 #427
+- Enhanced SQS error handling #424
+- Prevented the creation of unnecessary indices when auto-rotation is disabled #419
+
+### Fixed
+- Fixed an issue with Control Tower Integration in GovCloud #445
+- Improved the logic to wait for the change to complete before making the next change when modifying the OpenSearch domain configuration #444
+- Fixed a parsing error for the source port in Linux SSH logs #426
+
 ## [2.10.2b] - 2024-03-30
 ### Added
 - Added support for Amazon OpenSearch 2.11 #432
 - Supports AWS ca-west-1/Canada (Calgary) Region #441
 
 ### Fixed
 - Fixed a bug in the botocore dependencies for the Lambda function that creates the IOC DB #440
+- PR security vulnerability of urllib3 from 1.26.17 to 1.26.18 #417,#418
 
 ### Security
-- Updated AWS SDK for pandas from 3.4.1 to v3.7.1 #442
+- Updated AWS SDK for pandas from 3.4.1 to v3.7.1 #420,#442
 
 ## [2.10.2a] - 2023-10-07
 ### Fixed

deployment/log-exporter/siem-integration-with-control-tower-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: Control Tower Integration"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: Control Tower Integration"
 Parameters:
   EsLoaderServiceRole:
     Type: String

deployment/log-exporter/siem-integration-with-control-tower-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: Control Tower Integration"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: Control Tower Integration"
 Parameters:
   EsLoaderServiceRole:
     Type: String

deployment/log-exporter/siem-integration-with-control-tower.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: Control Tower Integration"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: Control Tower Integration"
 Parameters:
   EsLoaderServiceRole:
     Type: String

deployment/log-exporter/siem-log-exporter-ad-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - Active Directory"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - Active Directory"
 Parameters:
   KdfAdName:
     Type: String

deployment/log-exporter/siem-log-exporter-ad-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - Active Directory"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - Active Directory"
 Parameters:
   KdfAdName:
     Type: String

deployment/log-exporter/siem-log-exporter-ad.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - Active Directory"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - Active Directory"
 Parameters:
   KdfAdName:
     Type: String

deployment/log-exporter/siem-log-exporter-apache-cwl-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - Apache"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - Apache"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-apache-cwl-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - Apache"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - Apache"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-apache-cwl.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - Apache"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - Apache"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-clientvpn-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - ClientVPN"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - ClientVPN"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-clientvpn-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - ClientVPN"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - ClientVPN"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-clientvpn.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - ClientVPN"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - ClientVPN"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-cloudhsm-cwl-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - CloudHSM"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - CloudHSM"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-cloudhsm-cwl-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - CloudHSM"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - CloudHSM"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-cloudhsm-cwl.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - CloudHSM"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - CloudHSM"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-core-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - core resource"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - core resource"
 Parameters:
   siemLogBucketName:
     Type: String

deployment/log-exporter/siem-log-exporter-core-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - core resource"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - core resource"
 Parameters:
   siemLogBucketName:
     Type: String

deployment/log-exporter/siem-log-exporter-core.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - core resource"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - core resource"
 Parameters:
   siemLogBucketName:
     Type: String

deployment/log-exporter/siem-log-exporter-cwl-nocompress-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - CWL resource without compress"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - CWL resource without compress"
 Parameters:
   KdfName:
     Type: String

deployment/log-exporter/siem-log-exporter-cwl-nocompress-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - CWL resource without compress"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - CWL resource without compress"
 Parameters:
   KdfName:
     Type: String

deployment/log-exporter/siem-log-exporter-cwl-nocompress.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - CWL resource without compress"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - CWL resource without compress"
 Parameters:
   KdfName:
     Type: String

deployment/log-exporter/siem-log-exporter-eventbridge-events-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - EventBridge events (SecurityHub, ConfigRules, Inspector)"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - EventBridge events (SecurityHub, ConfigRules, Inspector)"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:
@@ -131,7 +131,7 @@ Resources:
   RuleInspector4666D3F5:
     Type: AWS::Events::Rule
     Properties:
-      Description: "SIEM on OpenSearch Service v2.10.3-rc.1:"
+      Description: "SIEM on OpenSearch Service v2.10.3:"
       EventPattern:
         detail-type:
           - Inspector2 Coverage
@@ -154,7 +154,7 @@ Resources:
   RuleSecurityHubFDEAF80E:
     Type: AWS::Events::Rule
     Properties:
-      Description: "SIEM on OpenSearch Service v2.10.3-rc.1:"
+      Description: "SIEM on OpenSearch Service v2.10.3:"
       EventPattern:
         detail-type:
           - Security Hub Findings - Imported
@@ -176,7 +176,7 @@ Resources:
   RuleConfigRules81A566BA:
     Type: AWS::Events::Rule
     Properties:
-      Description: "SIEM on OpenSearch Service v2.10.3-rc.1:"
+      Description: "SIEM on OpenSearch Service v2.10.3:"
       EventPattern:
         detail-type:
           - Config Rules Compliance Change

deployment/log-exporter/siem-log-exporter-eventbridge-events-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - EventBridge events (SecurityHub, ConfigRules, Inspector)"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - EventBridge events (SecurityHub, ConfigRules, Inspector)"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:
@@ -131,7 +131,7 @@ Resources:
   RuleInspector4666D3F5:
     Type: AWS::Events::Rule
     Properties:
-      Description: "SIEM on OpenSearch Service v2.10.3-rc.1:"
+      Description: "SIEM on OpenSearch Service v2.10.3:"
       EventPattern:
         detail-type:
           - Inspector2 Coverage
@@ -154,7 +154,7 @@ Resources:
   RuleSecurityHubFDEAF80E:
     Type: AWS::Events::Rule
     Properties:
-      Description: "SIEM on OpenSearch Service v2.10.3-rc.1:"
+      Description: "SIEM on OpenSearch Service v2.10.3:"
       EventPattern:
         detail-type:
           - Security Hub Findings - Imported
@@ -176,7 +176,7 @@ Resources:
   RuleConfigRules81A566BA:
     Type: AWS::Events::Rule
     Properties:
-      Description: "SIEM on OpenSearch Service v2.10.3-rc.1:"
+      Description: "SIEM on OpenSearch Service v2.10.3:"
       EventPattern:
         detail-type:
           - Config Rules Compliance Change

deployment/log-exporter/siem-log-exporter-eventbridge-events.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - EventBridge events (SecurityHub, ConfigRules, Inspector)"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - EventBridge events (SecurityHub, ConfigRules, Inspector)"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:
@@ -131,7 +131,7 @@ Resources:
   RuleInspector4666D3F5:
     Type: AWS::Events::Rule
     Properties:
-      Description: "SIEM on OpenSearch Service v2.10.3-rc.1:"
+      Description: "SIEM on OpenSearch Service v2.10.3:"
       EventPattern:
         detail-type:
           - Inspector2 Coverage
@@ -154,7 +154,7 @@ Resources:
   RuleSecurityHubFDEAF80E:
     Type: AWS::Events::Rule
     Properties:
-      Description: "SIEM on OpenSearch Service v2.10.3-rc.1:"
+      Description: "SIEM on OpenSearch Service v2.10.3:"
       EventPattern:
         detail-type:
           - Security Hub Findings - Imported
@@ -176,7 +176,7 @@ Resources:
   RuleConfigRules81A566BA:
     Type: AWS::Events::Rule
     Properties:
-      Description: "SIEM on OpenSearch Service v2.10.3-rc.1:"
+      Description: "SIEM on OpenSearch Service v2.10.3:"
       EventPattern:
         detail-type:
           - Config Rules Compliance Change

deployment/log-exporter/siem-log-exporter-fsx-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - FSx resource without compress"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - FSx resource without compress"
 Parameters:
   FirehoseName:
     Type: String

deployment/log-exporter/siem-log-exporter-fsx-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - FSx resource without compress"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - FSx resource without compress"
 Parameters:
   FirehoseName:
     Type: String

deployment/log-exporter/siem-log-exporter-fsx.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - FSx resource without compress"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - FSx resource without compress"
 Parameters:
   FirehoseName:
     Type: String

deployment/log-exporter/siem-log-exporter-linux-cwl-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - Linux"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - Linux"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-linux-cwl-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - Linux"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - Linux"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-linux-cwl.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - Linux"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - Linux"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-nginx-cwl-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - Nginx"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - Nginx"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-nginx-cwl-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - Nginx"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - Nginx"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-nginx-cwl.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - Nginx"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - Nginx"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-rds-mysql-cwl-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - RDS Aurora MySQL/MariaDB/MySQL"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - RDS Aurora MySQL/MariaDB/MySQL"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-rds-mysql-cwl-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - RDS Aurora MySQL/MariaDB/MySQL"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - RDS Aurora MySQL/MariaDB/MySQL"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-rds-mysql-cwl.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - RDS Aurora MySQL/MariaDB/MySQL"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - RDS Aurora MySQL/MariaDB/MySQL"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-rds-postgresql-cwl-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - RDS Aurora PostgreSQL/PostgreSQL"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - RDS Aurora PostgreSQL/PostgreSQL"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-rds-postgresql-cwl-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - RDS Aurora PostgreSQL/PostgreSQL"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - RDS Aurora PostgreSQL/PostgreSQL"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-rds-postgresql-cwl.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - RDS Aurora PostgreSQL/PostgreSQL"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - RDS Aurora PostgreSQL/PostgreSQL"
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:

deployment/log-exporter/siem-log-exporter-trustedadvisor-china.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - TrustedAdvisor"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - TrustedAdvisor"
 Parameters:
   cweRulesFrequency:
     Type: Number
@@ -61,7 +61,7 @@ Resources:
           # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
           # SPDX-License-Identifier: MIT-0
           __copyright__ = 'Amazon.com, Inc. or its affiliates'
-          __version__ = '2.10.3-rc.1'
+          __version__ = '2.10.3'
           __license__ = 'MIT-0'
           __author__ = 'Katsuya Matsuoka'
           __url__ = 'https://github.com/aws-samples/siem-on-amazon-opensearch-service'

deployment/log-exporter/siem-log-exporter-trustedadvisor-usgov.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - TrustedAdvisor"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - TrustedAdvisor"
 Parameters:
   cweRulesFrequency:
     Type: Number
@@ -61,7 +61,7 @@ Resources:
           # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
           # SPDX-License-Identifier: MIT-0
           __copyright__ = 'Amazon.com, Inc. or its affiliates'
-          __version__ = '2.10.3-rc.1'
+          __version__ = '2.10.3'
           __license__ = 'MIT-0'
           __author__ = 'Katsuya Matsuoka'
           __url__ = 'https://github.com/aws-samples/siem-on-amazon-opensearch-service'

deployment/log-exporter/siem-log-exporter-trustedadvisor.template

@@ -1,4 +1,4 @@
-Description: "SIEM on Amazon OpenSearch Service v2.10.3-rc.1: log exporter - TrustedAdvisor"
+Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - TrustedAdvisor"
 Parameters:
   cweRulesFrequency:
     Type: Number
@@ -61,7 +61,7 @@ Resources:
           # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
           # SPDX-License-Identifier: MIT-0
           __copyright__ = 'Amazon.com, Inc. or its affiliates'
-          __version__ = '2.10.3-rc.1'
+          __version__ = '2.10.3'
           __license__ = 'MIT-0'
           __author__ = 'Katsuya Matsuoka'
           __url__ = 'https://github.com/aws-samples/siem-on-amazon-opensearch-service'