Amazon Security Lake
Amazon Security Lake is a service that automatically centralizes an organization's security data from cloud, on-premises, and custom sources into a purpose-built data lake stored in your own Amazon S3. It manages the data lifecycle to help you optimize storage and supports OCSF (Open Cybersecurity Schema Framework) for normalized security data analysis.
APIs
Amazon Security Lake API
The Amazon Security Lake API provides programmatic access to create and manage data lakes, data sources, subscribers, and log sources for centralizing and analyzing security dat...
Collections
Amazon Security Lake API
POSTMANArazzo Workflows
Amazon Security Lake Decommission Data Lake
Resolve a data lake, update its configuration, then delete its configuration object.
ARAZZOAmazon Security Lake Offboard Subscriber
Confirm a subscriber exists, then delete it and verify it is removed from the list.
ARAZZOAmazon Security Lake Onboard AWS Log Source
Add a natively supported AWS service as a log source and confirm it is collecting.
ARAZZOAmazon Security Lake Provision Data Lake
Create a Security Lake data lake, confirm it is listed, and inspect its collecting sources.
ARAZZOAmazon Security Lake Provision Subscriber
Create a subscriber, confirm its identity and status, and verify it is listed.
ARAZZOAmazon Security Lake Register Custom Source
Register a third-party custom log source and confirm it appears in the source list.
ARAZZOAmazon Security Lake Rename Subscriber
Find a subscriber by name, confirm it, and update its name and description.
ARAZZOPricing Plans
Rate Limits
FinOps
Amazon Security Lake Finops
FINOPSFeatures
Automatically centralizes security data from AWS services, third-party tools, and custom sources into a single data lake.
Converts security data to the Open Cybersecurity Schema Framework (OCSF) for standardized analysis across tools.
Stores all security data in Apache Parquet format optimized for analytical query performance.
Centralizes security data across an entire AWS Organization from all accounts and regions.
Automatically manages storage lifecycle with configurable retention and tiering policies.
Grant third-party SIEMs and analytics tools direct query access to your security data lake.
Native connectors for CloudTrail, VPC Flow Logs, Route 53, Security Hub, and EKS audit logs.
Ingest custom and third-party security data sources in OCSF format.
Use Cases
Aggregate all security data from across a multi-account AWS environment into one queryable data lake.
Provide SIEM platforms like Splunk, Sumo Logic, and Microsoft Sentinel direct access to normalized security data.
Enable security analysts to query normalized OCSF data for threat hunting and forensic investigation.
Retain security logs in a cost-optimized data lake for compliance audit requirements.
Run advanced analytics and ML models against normalized security data for anomaly detection.
Centralize security data from on-premises and other cloud providers alongside AWS security data.