Commit 3cf103b

updated documentation
1 parent c07bb60 commit 3cf103b

1 file changed

+7
-7
lines changed

README.md

Lines changed: 7 additions & 7 deletions
@@ -3,10 +3,10 @@ Cloud environments generate high-volume, high-velocity activity logs (for exampl
33

44
Security teams struggle to normalise, store, and query these events quickly for incident response, compliance, and threat detection.
55

6-
Existing SIEMs can be costly or slow to adapt; many orgs need a focused, API-first way to ingest and surface security-relevant events.
6+
Existing SIEMs can be costly or slow to adapt; many orgs need a focused, API-first way to collect and surface securityrelevant events.
77

88
### Task
9-
- Build a lightweight, API-driven service to ingest AWS CloudTrail events, persist security-relevant records, and expose them via standardised endpoints.
9+
- Build a lightweight, API-driven service to pull AWS CloudTrail events, persist security-relevant records, and expose them via standardised endpoints.
1010
- Provide a foundation that can expand to other security sources (IAM, AWS Config) and integrate with dashboards/alerting.
1111
- Keep it developer-friendly (NestJS/TypeScript), operationally simple (PostgreSQL + TypeORM), and secure-by-default.
1212

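Review bot: the new line 6 drops the hyphen and now reads "securityrelevant"; it should stay "security-relevant", as in the unchanged wording on line 9. The two edited lines also use different verbs for the same operation ("collect" on line 6, "pull" on line 9), so pick one term and use it in both places.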
@@ -24,7 +24,7 @@ Existing SIEMs can be costly or slow to adapt; many orgs need a focused, API-fir
2424
- `GET /aws-security/db-events`
2525
- `POST /cloudtrail/test`
2626
- There's WT auth for non-health endpoints and global validation.
27-
- There's scheduled ingestion (every 10 minutes) to persist CloudTrail events.
27+
- There's a scheduled job (every 10 minutes) to fetch and persist CloudTrail events.
2828

2929
### Result
3030
- An API-first security monitoring layer that:
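Review bot: context line 26 reads "There's WT auth for non-health endpoints", which looks like a truncated "JWT" given the later "Get a JWT (dev token)" section; since this commit is a wording pass over the same list, fix it here. The reworded line 27 says "fetch and persist" while the other hunks change the verb to "pull", so the terminology is still not consistent across the README.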
@@ -34,7 +34,7 @@ Existing SIEMs can be costly or slow to adapt; many orgs need a focused, API-fir
3434
- Expected impact:
3535
- Faster incident response.
3636
- Easier compliance evidence since now we have an auditable event store.
37-
- Lower operational complexity vs. heavy SIEM ingestion for targeted AWS signals.
37+
- Lower operational complexity vs. heavy SIEM pipelines for targeted AWS signals.
3838

3939
---
4040

@@ -67,7 +67,7 @@ npm run start:dev
6767
# Get a token
6868
curl -s -X POST http://localhost:3000/auth/dev-token | jq -r .access_token > token.txt
6969

70-
# Ingest recent CloudTrail events to DB
70+
# Pull recent CloudTrail events to DB
7171
curl -H "Authorization: Bearer $(cat token.txt)" http://localhost:3000/aws-security/fetch-events
7272

7373
# Query stored events (DB)
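Review bot: line 68, directly above the edited comment, writes the bearer token to `token.txt` in the working directory, where it persists on disk and can end up committed along with the project. The Quick curl section already keeps the token in a shell variable (`TOKEN=$(...)`); suggest using that form here as well, or adding a line telling readers to delete the file and list it in `.gitignore`.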
@@ -99,7 +99,7 @@ Quick curl
9999
# token
100100
TOKEN=$(curl -s -X POST http://localhost:3000/auth/dev-token | jq -r .access_token)
101101

102-
# ingest
102+
# pull
103103
curl -H "Authorization: Bearer $TOKEN" http://localhost:3000/aws-security/fetch-events
104104

105105
# query stored
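Review bot: line 100 obtains a token from `POST /auth/dev-token` without sending any credentials, and nothing in the lines shown says when that endpoint is available. Add a sentence next to this snippet stating whether it is exposed outside local development, since the token it returns authorises the `/aws-security/fetch-events` call on line 103.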
@@ -135,7 +135,7 @@ Get a JWT (dev token):
135135
```bash
136136
POST /auth/dev-token
137137
```
138-
Ingest recent CloudTrail events to the database:
138+
Pull recent CloudTrail events to the database:
139139
```bash
140140
GET /aws-security/fetch-events
141141
```
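Review bot: the blocks at lines 135-137 and 139-141 are fenced as `bash` but contain HTTP request lines (`POST /auth/dev-token`, `GET /aws-security/fetch-events`) that will fail if pasted into a shell; tag them `http` or show the curl form used earlier in the README. The reworded line 138 also makes it plain that this `GET` writes to the database, so the docs should say that the call has side effects and should not be treated as a safe, repeatable read.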
