Merge branch 'main' into doc-6823

opensearch-project · Apr 4, 2024 · caa0944 · caa0944
2 parents 0f65dd6 + cc3c11f
commit caa0944
Show file tree

Hide file tree

Showing 27 changed files with 2,357 additions and 91 deletions.
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -16,6 +16,7 @@ jobs:
     # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target.
     if: >
       github.event.pull_request.merged
+      && github.repository == 'opensearch-project/documentation-website'
       && (
         github.event.action == 'closed'
         || (
@@ -38,3 +39,12 @@ jobs:
         with:
           github_token: ${{ steps.github_app_token.outputs.token }}
           head_template: backport/backport-<%= number %>-to-<%= base %>
+
+      - name: Label new backport PR with backport-automerge label
+        run: |
+          PR_BRANCH=backport/backport-${{ github.event.pull_request.number }}-to-`echo ${{ github.event.label.name }} | cut -d ' ' -f2`
+          PR_NUMBER=`gh pr list -R opensearch-project/documentation-website --json "number,headRefName" --state open | jq -r ".[] | select(.headRefName == \"$PR_BRANCH\") | .number"`
+          echo "Update Backport PR '#$PR_NUMBER' on branch '$PR_BRANCH' with 'backport-automerge' label"
+          gh issue edit -R opensearch-project/documentation-website $PR_NUMBER --add-label backport-automerge
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/delete_merged_branch.yml b/.github/workflows/delete_merged_branch.yml
@@ -8,7 +8,7 @@ jobs:
   delete-branch:
     runs-on: ubuntu-latest
     if: |
-      startsWith(github.event.pull_request.head.repo.full_name, 'opensearch-project/documentation-website') &&
+      github.repository == 'opensearch-project/documentation-website' &&
       ${{ !startsWith(github.event.pull_request.head.ref, 'main') }} &&
       ${{ !startsWith(github.event.pull_request.head.ref, '1.') }} &&
       ${{ !startsWith(github.event.pull_request.head.ref, '2.') }} &&

diff --git a/_ml-commons-plugin/agents-tools/agents-tools-tutorial.md b/_ml-commons-plugin/agents-tools/agents-tools-tutorial.md
@@ -365,10 +365,11 @@ Only superadmin users can register a hidden agent. To register a hidden agent, y
 curl -k --cert ./kirk.pem --key ./kirk-key.pem -XGET 'https://localhost:9200/.opendistro_security/_search'
 ```
 
-All agents created by a superadmin user are automatically registered as hidden. To register a hidden agent, send a request to the `_register` endpoint:
+All agents created by a superadmin user are automatically registered as hidden. Only the superadmin user can view hidden agent details and delete hidden agents.
+To register a hidden agent, send a request to the `_register` endpoint:
 
 ```bash
-curl -k --cert ./kirk.pem --key ./kirk-key.pem -X POST 'https://localhost:9200/_plugins/_ml/models/_register' -H 'Content-Type: application/json' -d '
+curl -k --cert ./kirk.pem --key ./kirk-key.pem -X POST 'https://localhost:9200/_plugins/_ml/agents/_register' -H 'Content-Type: application/json' -d '
 {
   "name": "Test_Agent_For_RAG",
   "type": "flow",

diff --git a/_security-analytics/index.md b/_security-analytics/index.md
@@ -39,7 +39,7 @@ For information about configuring detectors, see [Creating detectors]({{site.url
 
 ### Log types
 
-Log types provide the data used to evaluate events occurring in a system. OpenSearch supports several types of logs and provides out-of-the-box mappings for the most common log sources. See [Supported log types]({{site.url}}{{site.baseurl}}/security-analytics/sec-analytics-config/log-types/) for a list of log types currently supported by Security Analytics.
+[Log types]({{site.url}}{{site.baseurl}}/security-analytics/sec-analytics-config/log-types/) provide the data used to evaluate events occurring in a system. OpenSearch supports several types of logs and provides out-of-the-box mappings for the most common log sources.
 
 Log types are specified during the creation of detectors, including steps for mapping log fields to the detector. Security Analytics also automatically selects an appropriate set of rules based on a specific log type and populates them for the detector.
 

diff --git a/_security-analytics/log-types-reference/ad-ldap.md b/_security-analytics/log-types-reference/ad-ldap.md
@@ -0,0 +1,114 @@
+---
+layout: default
+title: AD LDAP
+parent: Supported log types
+nav_order: 20
+---
+
+# AD LDAP
+
+The `ad_ldap` log type tracks Active Directory logs, such as:
+
+- Lightweight Directory Access Protocol (LDAP) queries.
+- Errors from the LDAP server.
+- Timeout events.
+- Unsecured LDAP binds.
+
+The following code snippet contains all `raw_field` and `ecs` mappings for this log type:
+
+```json
+ "mappings": [
+   {
+      "raw_field":"TargetUserName",
+      "ecs":"azure.signinlogs.properties.user_id"
+    },
+    {
+      "raw_field":"creationTime",
+      "ecs":"timestamp"
+    },
+    {
+      "raw_field":"Category",
+      "ecs":"azure.activitylogs.category"
+    },
+    {
+      "raw_field":"OperationName",
+      "ecs":"azure.platformlogs.operation_name"
+    },
+    {
+      "raw_field":"ModifiedProperties_NewValue",
+      "ecs":"modified_properties.new_value"
+    },
+    {
+      "raw_field":"ResourceProviderValue",
+      "ecs":"azure.resource.provider"
+    },
+    {
+      "raw_field":"conditionalAccessStatus",
+      "ecs":"azure.signinlogs.properties.conditional_access_status"
+    },
+    {
+      "raw_field":"SearchFilter",
+      "ecs":"SearchFilter"
+    },
+    {
+      "raw_field":"Operation",
+      "ecs":"azure.platformlogs.operation_name"
+    },
+    {
+      "raw_field":"ResultType",
+      "ecs":"azure.platformlogs.result_type"
+    },
+    {
+      "raw_field":"DeviceDetail_isCompliant",
+      "ecs":"azure.signinlogs.properties.device_detail.is_compliant"
+    },
+    {
+      "raw_field":"ResourceDisplayName",
+      "ecs":"resource_display_name"
+    },
+    {
+      "raw_field":"AuthenticationRequirement",
+      "ecs":"azure.signinlogs.properties.authentication_requirement"
+    },
+    {
+      "raw_field":"TargetResources",
+      "ecs":"target_resources"
+    },
+    {
+      "raw_field":"Workload",
+      "ecs":"workload"
+    },
+    {
+      "raw_field":"DeviceDetail.deviceId",
+      "ecs":"azure.signinlogs.properties.device_detail.device_id"
+    },
+    {
+      "raw_field":"OperationNameValue",
+      "ecs":"azure.platformlogs.operation_name"
+    },
+    {
+      "raw_field":"ResourceId",
+      "ecs":"azure.signinlogs.properties.resource_id"
+    },
+    {
+      "raw_field":"ResultDescription",
+      "ecs":"azure.signinlogs.result_description"
+    },
+    {
+      "raw_field":"EventID",
+      "ecs":"EventID"
+    },
+    {
+      "raw_field":"NetworkLocationDetails",
+      "ecs":"azure.signinlogs.properties.network_location_details"
+    },
+    {
+      "raw_field":"CategoryValue",
+      "ecs":"azure.activitylogs.category"
+    },
+    {
+      "raw_field":"ActivityDisplayName",
+      "ecs":"azure.auditlogs.properties.activity_display_name"
+    }
+  ]
+```
diff --git a/_security-analytics/log-types-reference/apache-access.md b/_security-analytics/log-types-reference/apache-access.md
@@ -0,0 +1,10 @@
+---
+layout: default
+title: Apache Access
+parent: Supported log types
+nav_order: 25
+---
+
+# Apache Access
+
+The `apache_access` log type records data for all requests processed by Apache HTTP servers. It contains no `raw_field` or `ecs` mappings.