Posted On: Nov 29, 2022
Amazon Security Lake automatically centralizes security data from cloud, on-premises, and custom sources into a purpose-built data lake stored in your account. Security Lake makes it easier to analyze security data so that you can get a more complete understanding of your security across the entire organization. You can also improve the protection of your workloads, applications, and data. Security Lake automatically gathers and manages all your security data across accounts and Regions. You can use your preferred analytics tools while retaining control and ownership of your security data. Security Lake has adopted the Open Cybersecurity Schema Framework (OCSF), an open standard. It helps normalize and combine security data from AWS and a broad range of enterprise security data sources. Now, your analysts and engineers can get broad visibility to investigate and respond to security events and improve your security across the cloud and on premises.
Once enabled, Security Lake automatically creates a security data lake in a Region that you select for rolling up your global data. AWS log and security data sources are automatically collected in your selected Amazon Simple Storage Service (Amazon S3) bucket for existing and new accounts. They are normalized into the OCSF format, including AWS CloudTrail management events, Amazon Virtual Private Cloud (Amazon VPC) Flow Logs, Amazon Route 53 Resolver query logs, and security findings from over 50 solutions integrated through AWS Security Hub. You can also bring data into your security data lake from third-party security solutions and your custom data that you have converted into OCSF. This data can include logs from internal applications or network infrastructure. Security Lake manages the lifecycle of your data with customizable retention settings and storage costs with automated storage tiering.
During the preview period, Amazon Security Lake is available in the following AWS Regions: US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Ireland).
To get started, see the following list of resources: