AWS Security Blog

Category: Amazon Security Lake

Patterns for consuming custom log sources in Amazon Security Lake

As security best practices have evolved over the years, so has the range of security telemetry options. Customers face the challenge of navigating through security-relevant telemetry and log data produced by multiple tools, technologies, and vendors while trying to monitor, detect, respond to, and mitigate new and existing security issues. In this post, we provide […]

Accelerate incident response with Amazon Security Lake

This blog post is the first of a two-part series that will demonstrate the value of Amazon Security Lake and how you can use it and other resources to accelerate your incident response (IR) capabilities. Security Lake is a purpose-built data lake that centrally stores your security logs in a common, industry-standard format. In part […]

Investigating lateral movements with Amazon Detective investigation and Security Lake integration

According to the MITRE ATT&CK framework, lateral movement consists of techniques that threat actors use to enter and control remote systems on a network. In Amazon Web Services (AWS) environments, threat actors equipped with illegitimately obtained credentials could potentially use APIs to interact with infrastructures and services directly, and they might even be able to use […]

Amazon Security Lake logo

How Amazon Security Lake is helping customers simplify security data management for proactive threat analysis

Centralize visibility across hybrid environments for streamlined incident response, optimized log retention, and proactive threat detection. Use AI-driven enhancements for automated investigations.

Overview of Security Lake functionality

How to develop an Amazon Security Lake POC

You can use Amazon Security Lake to simplify log data collection and retention for Amazon Web Services (AWS) and non-AWS data sources. To make sure that you get the most out of your implementation requires proper planning. In this post, we will show you how to plan and implement a proof of concept (POC) for […]

Generate AI powered insights for Amazon Security Lake using Amazon SageMaker Studio and Amazon Bedrock

In part 1, we discussed how to use Amazon SageMaker Studio to analyze time-series data in Amazon Security Lake to identify critical areas and prioritize efforts to help increase your security posture. Security Lake provides additional visibility into your environment by consolidating and normalizing security data from both AWS and non-AWS sources. Security teams can […]

How to share security telemetry per OU using Amazon Security Lake and AWS Lake Formation

Part 3 of a 3-part series Part 1 – Aggregating, searching, and visualizing log data from distributed sources with Amazon Athena and Amazon QuickSight Part 2 – How to visualize Amazon Security Lake findings with Amazon QuickSight This is the final part of a three-part series on visualizing security data using Amazon Security Lake and […]

Get custom data into Amazon Security Lake through ingesting Azure activity logs

Get custom data into Amazon Security Lake through ingesting Azure activity logs

Amazon Security Lake automatically centralizes security data from both cloud and on-premises sources into a purpose-built data lake stored on a particular AWS delegated administrator account for Amazon Security Lake. In this blog post, I will show you how to configure your Amazon Security Lake solution with cloud activity data from Microsoft Azure Monitor activity […]

Amazon Security Lake is now generally available

Amazon Security Lake is now generally available

Today we are thrilled to announce the general availability of Amazon Security Lake, first announced in a preview release at 2022 re:Invent. Security Lake centralizes security data from Amazon Web Services (AWS) environments, software as a service (SaaS) providers, on-premises, and cloud sources into a purpose-built data lake that is stored in your AWS account. […]