この記事は公開されてから1年以上経過しています。情報が古い可能性がありますので、ご注意ください。
Hello Everyone!
AWS announced a new data lake service known as Amazon Security Lake at the Keynote Session of re:Invent 2022. Now available in Preview.
Overview of Security Lake
Amazon Security Lake is a data lake service that aggregates security data into a purpose-built data lake automatically and analyzes it. Security Lake has adopted an open standard known as the Open Cybersecurity Schema Framework (OCSF). This open standard helps in normalizing and combining security data from various sources.
Refer to the following blog for the official announcement about Amazon Security Lake.
Refer to the following blog to know how to configure Security Lake.
Data Sources
The source of security data can be cloud, on-premises and other custom sources. The below slide shows various AWS and Partner Sources from which data can be collected.
AWS Sources for Security Lake are as follows:
- Amazon VPC,
- AWS CloudTrail
- Amazon Route 53
- Security Hub - It includes findings from over 50 solutions.
- AWS Lambda
The security data sources and logs are collected into Amazon S3.
Analytics
The listed AWS and Partner services from the below image can be used for analyzing the centralized data of Security Lake.
AWS Analytical Services are as follows :
- Amazon Athena
- Amazon OpenSearch
- Amazon SageMaker.
Summary
Security Lake makes it easier for collecting and analyzing security data. The Security Lake during the Preview period is available only in US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Ireland).
Reference :
10
