Commit b7df3c6

Update _posts/2025-03-05-OpenSearch-as-a-SIEM-Solution.md
Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: DattellConsulting <[email protected]>
1 parent 95af12a commit b7df3c6

File tree

1 file changed

+1
-1
lines changed

_posts/2025-03-05-OpenSearch-as-a-SIEM-Solution.md

+1-1
@@ -45,7 +45,7 @@ OpenSearch is well suited for log analysis because it can ingest and index massi
4545
Security teams benefit from being able to query recent and historical logs in one place. For example, an analyst can query web server logs, DNS logs, and authentication logs simultaneously to investigate an incident, something that would be cumbersome if those logs resided in separate silos.
4646

4747
### <u>Data normalization</u>
48-
Data normalization is important for building generalizable detection rules and dashboards that work across different log sources. When aggregating logs from many sources, a common challenge is that each source has its own format (different field names and structures). OpenSearchs Security Analytics plugin includes field mappings for common log types.[1](https://opensearch.org/docs/latest/security-analytics/#:~:text=Security%20Analytics%20is%20a%20security,responding%20effectively%20to%20potential%20threats) Additionally, OpenSearch allows users to define mappings and ingest pipelines to normalize data.
48+
Data normalization is important for building generalizable detection rules and dashboards that work across different log sources. When aggregating logs from many sources, a commonly encountered challenge is that each source has its own format (different field names and structures). OpenSearch's Security Analytics plugin includes field mappings for common log types.[1](https://opensearch.org/docs/latest/security-analytics/#:~:text=Security%20Analytics%20is%20a%20security,responding%20effectively%20to%20potential%20threats) Additionally, OpenSearch allows users to define mappings and ingest pipelines to normalize data.
4949

5050
### <u>Data Visualization.</u>
5151
Once logs are indexed and normalized, analysts can create visualizations with OpenSearch Dashboards to enhance situational awareness. For example, users can build charts showing trends of failed logins over time or a geographic map of login locations.
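Review bot: The heading in the trailing context, `### <u>Data Visualization.</u>`, carries a trailing period and title-case capitalization that the neighbouring `### <u>Data normalization</u>` heading does not; since this hunk already touches the section, consider dropping the period and using `Data visualization` so the two headings match. The apostrophe fix in `OpenSearch's Security Analytics plugin` is correct, but `a commonly encountered challenge` reads more heavily than the original `a common challenge` without changing the meaning, so the shorter form would be fine to keep. The citation link relies on a `#:~:text=` text-fragment anchor, which only resolves in browsers that support text fragments and silently stops highlighting if the docs page wording changes; linking to a stable section anchor on the Security Analytics page would be more robust.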
