OpenSearch SIEM for ASEA Addon (#915)

* opensiem addon initial import

* prettier

* update build script

* update readme

* update files

* opensiem addon initial import

* prettier

* update build script

* update readme

* update files

* Tweak documentation

* update SIEM solution version

* prettier

* update SIEM readme

* remove dashboard.zip

* add the via-cwl true to the lambda processor config

Co-authored-by: Brian969 <56414362+Brian969@users.noreply.github.com>

Author: rjjaegeraws

reference-artifacts/Add-ons/opensiem/.eslintignore

@@ -0,0 +1,8 @@
+node_modules
+dist
+cdk.out
+# TODO Add ESLint for the UI project at one point, there are too many changes to do right now
+src/ui/*
+reference-artifacts
+deployment
+.eslintrc.js

reference-artifacts/Add-ons/opensiem/.gitignore

@@ -0,0 +1,11 @@
+*.js
+!jest.config.js
+
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
+
+config/license.txt
+**/dist

reference-artifacts/Add-ons/opensiem/.npmignore

@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

reference-artifacts/Add-ons/opensiem/.prettierrc

@@ -0,0 +1,7 @@
+{
+  "tabWidth": 2,
+  "printWidth": 120,
+  "singleQuote": true,
+  "trailingComma": "all",
+  "arrowParens": "avoid"
+}

reference-artifacts/Add-ons/opensiem/README.md

@@ -0,0 +1,54 @@
+{
+    "operationsAccountId": "----- REPLACE -----",
+    "logArchiveAccountId": "----- REPLACE -----",
+    "vpcId": "----- REPLACE -----",
+    "region": "ca-central-1",
+    "s3LogBuckets": [
+        "asea-logarchive-phase0-aescacentral1------ REPLACE -----",
+        "asea-logarchive-phase0-cacentral1------ REPLACE -----"
+    ],
+    "securityGroups": [
+        {
+            "name": "OpenSearch-SIEM-SG",
+            "inboundRules": [
+                {
+                    "description": "Allow Traffic Inbound",
+                    "tcpPorts": [
+                        443
+                    ],
+                    "source": [
+                        "10.0.0.0/8",
+                        "100.96.252.0/23",
+                        "100.96.250.0/23"
+                    ]
+                }
+            ],
+            "outboundRules": [
+                {
+                    "description": "All Outbound",
+                    "type": [
+                        "ALL"
+                    ],
+                    "source": [
+                        "0.0.0.0/0"
+                    ]
+                }
+            ]
+        }
+    ],
+    "appSubnets": [
+       "subnet------ REPLACE -----",
+       "subnet------ REPLACE -----"
+    ],
+    "lambdaLogProcessingRoleArn": "arn:aws:iam::----- REPLACE -----:role/SIEM-Lambda-Processor",
+    "cognitoDomainPrefix": "asea-siem------ REPLACE -----",
+    "openSearchDomainName": "siem",
+    "openSearchInstanceTypeMainNodes": "c6g.xlarge.search",
+    "openSearchInstanceTypeDataNodes": "r6g.xlarge.search",    
+    "openSearchCapacityMainNodes": 3,
+    "openSearchCapacityDataNodes": 4,
+    "openSearchVolumeSize": 100,
+    "openSearchConfiguration": "opensearch-config.json",    
+    "maxmindLicense": "license.txt",
+    "siemVersion": "v2.6.1a"
+}

reference-artifacts/Add-ons/opensiem/SiemConfig.json

@@ -0,0 +1,49 @@
+#!/usr/bin/env node
+
+/**
+ *  Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import { OpenSearchSiemStack } from '../lib/opensearch-siem-stack';
+import { OpenSearchSiemS3NotificationsStack } from '../lib/opensearch-siem-s3-notifications-stack';
+import * as sc from '../lib/siem-config';
+
+sc.loadSiemConfig().then(siemConfig => {
+  console.log(siemConfig);
+
+  const app = new cdk.App();
+
+  new OpenSearchSiemStack(app, 'OpenSearchSiemStack', {
+    provisionServiceLinkedRole: false,
+    siemConfig,
+    env: {
+      account: siemConfig.operationsAccountId,
+      region: siemConfig.region,
+    },
+    tags: {
+      Application: 'OpenSearch SIEM',
+    },
+  });
+
+  new OpenSearchSiemS3NotificationsStack(app, 'OpenSearchSiemS3NotificationsStack', {
+    siemConfig,
+    env: {
+      account: siemConfig.logArchiveAccountId,
+      region: siemConfig.region,
+    },
+    tags: {
+      Application: 'OpenSearch SIEM',
+    },
+  });
+});

reference-artifacts/Add-ons/opensiem/bin/opensearch-siem.ts

@@ -0,0 +1,32 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/opensearch-siem.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
+    "@aws-cdk/core:stackRelativeExports": true,
+    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
+    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
+    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true,
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ]
+  }
+}