Amazon Security Lake automatically centralizes security data from cloud, on-premises, and custom sources into a purpose-built data lake stored in your account. Use Security Lake to analyze security data. Get a more complete understanding of your security across your entire organization, and improve the protection of your workloads, applications, and data. Security Lake automatically gathers and manages all your security data across accounts and Regions. Use your preferred analytics tools while retaining control and ownership of your security data. Security Lake has adopted the Open Cybersecurity Schema Framework (OCSF), an open standard. With OCSF support, the service can normalize and combine security data from AWS and a broad range of enterprise security data sources. Now, your analysts and engineers can get broad visibility to investigate and respond to security events and improve your security across the cloud and on premises.
Data aggregation in your account
Amazon Security Lake creates a purpose-built security data lake in your account. Security Lake collects log and event data from cloud, on-premises, and custom data sources across accounts and Regions. The service stores the gathered logs in your Amazon Simple Storage Service (S3) buckets, so you retain control and ownership of your data.
Data normalization and support for OCSF
Amazon Security Lake automatically normalizes AWS log and security findings to OCSF. This includes AWS CloudTrail management events, Amazon Virtual Private Cloud (VPC) Flow Logs, Amazon Route 53 Resolver query logs, and security findings from solutions integrated through AWS Security Hub. You can add data from third-party security solutions and your custom data such as logs from internal applications or network infrastructure that you have converted into OCSF format. With support for OCSF, Security Lake helps centralize, transform, and make your security data available to your preferred analytics tools.
Multi-account and multi-Region support
You can enable Amazon Security Lake across multiple AWS Regions where the service is available and across multiple AWS accounts. You can aggregate security data across accounts on a per-Region basis or consolidate security data from multiple Regions into rollup Regions. Security Lake rollup Regions can help you comply with Regional compliance requirements.
Security data lake access management
Streamline setting up access to your data lake for your security and analytics tools. For example, you might choose to only grant access to datasets from specified sources like CloudTrail. There are two modes of access. You can grant streaming access to your tools so that a notification is issued when new objects are written to the data lake. The other mode is query access, which allows tools to query the data stored in your security data lake.
Data lifecycle management and optimization
Amazon Security Lake manages the lifecycle of your data with customizable retention settings and storage costs with automated storage tiering. Security Lake automatically partitions and converts incoming security data to a storage-and-query-efficient Apache Parquet format.