AWS DynamoDB

AWS DynamoDB is a read-write key-value store that is backed by an AWS DynamoDB table.

Settings

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| table | string | The DynamoDB table that items are retrieved from and written to. | Yes |
| attributes.partition_key | string | The table's partition key attribute. | Yes |
| attributes.value | string | The table attribute where values are stored. | Yes |
| attributes.sort_key | string | The table's sort (range) key attribute. This must be used if the table uses a composite primary key schema (partition key and sort key). Only string types are supported. | No |
| attributes.ttl | string | The table's time-to-live attribute. | No |

Use Cases

Application Caching

Each caching strategy is achievable with the KV Store processor and Substation applications -- this can significantly reduce deployment complexity if dedicated AWS DynamoDB sinks are not needed.

Networked Cache-Aside

A networked cache-aside pattern is available in the Configuration Library that can be used to significantly reduce data processing time caused by high-latency processors (such as DNS).

Internal Passive DNS

Pair the KV Store processor with log sources that contain DNS metadata (e.g., Zeek DNS, Suricata DNS, EDR DNS events) and/or the DNS processor to create an internally curated, enterprise-scale passive DNS database. Forward and reverse lookups can be stored in the same table by adjusting the partition key's value depending on the context (use domains for forward lookups and IP addresses for reverse lookups).
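
The forward/reverse layout described above, as an added Python example (not Substation code or configuration). It models the table as an in-memory dict whose key stands in for the partition key attribute. The attribute names `v` and `ttl`, the 30-day retention, and merging answers into a set are assumptions made for illustration.

```python
import ipaddress

# Hypothetical attribute names; in a real table they are whatever
# attributes.value and attributes.ttl are configured to be.
VALUE, TTL = "v", "ttl"

def is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def normalize(key):
    """Canonical partition key: compressed IP, or lowercase name without trailing dot."""
    if is_ip(key):
        return str(ipaddress.ip_address(key))
    return key.rstrip(".").lower()

def put(table, key, member, now, ttl_seconds):
    """Merge `member` into the set stored under `key` and refresh the item's TTL."""
    item = table.setdefault(normalize(key), {VALUE: set(), TTL: 0})
    item[VALUE].add(normalize(member))
    item[TTL] = int(now) + ttl_seconds  # DynamoDB TTL values are epoch seconds

def record(table, query, answers, now, ttl_seconds=30 * 86400):
    """Store one DNS event as a forward item plus one reverse item per IP answer."""
    for answer in answers:
        if not is_ip(answer):  # skip CNAME targets and other non-address answers
            continue
        put(table, query, answer, now, ttl_seconds)  # forward: domain -> IPs
        put(table, answer, query, now, ttl_seconds)  # reverse: IP -> domains

def lookup(table, key, now):
    """Return stored values, ignoring items whose TTL has passed.
    DynamoDB removes expired items lazily, so readers must filter them."""
    item = table.get(normalize(key))
    if item is None or item[TTL] <= now:
        return []
    return sorted(item[VALUE])

# Constructed sample events (documentation-range addresses), not real telemetry.
EVENTS = [
    ("Example.COM.", ["192.0.2.10", "2001:DB8::1"], 1_700_000_000),
    ("cdn.example.net", ["192.0.2.10", "edge.example.net."], 1_700_000_100),
]

def build(events):
    table = {}
    for query, answers, ts in events:
        record(table, query, answers, ts)
    return table
```

Normalizing keys before every read and write matters here: without it, `Example.COM.` and `example.com`, or two spellings of the same IPv6 address, land in different partitions and lookups silently miss.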