CyberCX Amazon Security Lake – Security Data

CyberCX delivers a robust customised AWS Security Lake implementation leveraging native AWS capabilities to automatically centralise and normalise security data from AWS services (e.g., CloudTrail, VPC Flow Logs, Config), SaaS platforms, and on-premises sources. The solution uses Infrastructure as Code (IaC) such as Terraform, Cloudformation, ensuring consistent and automated deployments. Logs are ingested in the Open Cybersecurity Schema Framework (OCSF) format, enabling interoperability across analytics tools. Integration with SIEM tools like Splunk enhances threat visibility and response capabilities. This service aligns with regulatory requirements and includes optional CyberCX Managed Services for ongoing operational support.

Amazon Security Lake can collect logs and events from the following natively supported AWS services:

• AWS CloudTrail management and data events (S3, Lambda)
• Amazon Elastic Kubernetes Service (Amazon EKS) Audit Logs
• Amazon Route 53 resolver query logs
• AWS Security Hub findings
• Amazon Virtual Private Cloud (Amazon VPC) Flow Logs
• AWS WAFv2 logs

Amazon Security Lake can collect logs and events from third-party custom sources. A Security Lake custom source is a third-party service that sends security logs and events to Amazon Security Lake. Before sending the data, the custom source must convert the logs and events to the Open Cybersecurity Schema Framework (OCSF) and meet the source requirements for Security Lake including partitioning, parquet file format and object size and rate requirements.