Amazon Security Lake now supports logs from AWS WAF

Posted on: May 22, 2024

Today, AWS announces the expansion in the log coverage support for Amazon Security Lake, now including AWS Web Application Firewall Logs (AWS WAF). This enhancement allows you to automatically centralize and normalize your AWS WAF web ACL logs in Security Lake. You can easily analyze your log data to determine if a suspicious IP address is interacting with your environment, monitor trends in denied requests to identify new exploitation campaigns, or conduct analytics to determine anomalous successful access by previously blocked hosts. This enables you to monitor and investigate potential suspicious activities in your web applications.

Security Lake automatically centralizes security data from AWS environments, SaaS providers, on premises, and cloud sources into a purpose-built data lake stored in your account. AWS WAF is a web application firewall that enables you to monitor the HTTP(S) requests that are made to your protected web application resource. Today’s announcement of AWS WAF logs coverage further streamlines the collection and management of your security data across accounts and AWS Regions, freeing up time for analyzing security data and improving the protection of your workloads, applications, and data.

For more information about the AWS Regions where Security Lake is available, see the AWS Region table. Monthly costs are determined by the volume of log and event data ingested from AWS services per gigabyte.

To get started, see the following list of resources: