What is function of Download GeoIP lambda and GeoIP S3 bucket?

Question

https://aws.amazon.com/blogs/security/how-to-use-aws-security-hub-and-amazon-opensearch-service-for-siem/

I was going through below blogpost where Opensearch can be used as SiEM tool. I want to understand what the role of Download GeoIp lambda and GeoIP s3 bucket?

Answer

The Download GeoIP lambda function is used for downloading GeoIPs from MaxMind and then GeoIP S3 bucket is used for storing the downloaded GeoIPs.

When you view/analyze logs in OpenSearch dashboard, you can add country information as well as latitude/longitude location information to each IP address. To get location information, SIEM on OpenSearch Service downloads and uses GeoLite2 Free by MaxMind. If you want to add location information, get your free license from MaxMind.

Refer to the following for more information:
- [https://github.com/aws-samples/siem-on-amazon-opensearch-service](https://github.com/aws-samples/siem-on-amazon-opensearch-service)
- [https://catalog.us-east-1.prod.workshops.aws/workshops/60a6ee4e-e32d-42f5-bd9b-4a2f7c135a72/en-US](https://catalog.us-east-1.prod.workshops.aws/workshops/60a6ee4e-e32d-42f5-bd9b-4a2f7c135a72/en-US)

What is function of Download GeoIP lambda and GeoIP S3 bucket?

Relevant content