Amazon Security Lake website screenshot

Amazon Security Lake

Amazon Security Lake is a service that automatically centralizes an organization's security data from cloud, on-premises, and custom sources into a purpose-built data lake stored in your own Amazon S3. It manages the data lifecycle to help you optimize storage and supports OCSF (Open Cybersecurity Schema Framework) for normalized security data analysis.

1 APIs 8 Features
Data LakeSecuritySIEMThreat Detection

APIs

Amazon Security Lake API

The Amazon Security Lake API provides programmatic access to create and manage data lakes, data sources, subscribers, and log sources for centralizing and analyzing security dat...

Collections

Arazzo Workflows

Amazon Security Lake Decommission Data Lake

Resolve a data lake, update its configuration, then delete its configuration object.

ARAZZO

Amazon Security Lake Offboard Subscriber

Confirm a subscriber exists, then delete it and verify it is removed from the list.

ARAZZO

Amazon Security Lake Onboard AWS Log Source

Add a natively supported AWS service as a log source and confirm it is collecting.

ARAZZO

Amazon Security Lake Provision Data Lake

Create a Security Lake data lake, confirm it is listed, and inspect its collecting sources.

ARAZZO

Amazon Security Lake Provision Subscriber

Create a subscriber, confirm its identity and status, and verify it is listed.

ARAZZO

Amazon Security Lake Register Custom Source

Register a third-party custom log source and confirm it appears in the source list.

ARAZZO

Amazon Security Lake Rename Subscriber

Find a subscriber by name, confirm it, and update its name and description.

ARAZZO

Pricing Plans

Rate Limits

Amazon Security Lake Rate Limits

5 limits

RATE LIMITS

FinOps

Features

Automatic Data Centralization

Automatically centralizes security data from AWS services, third-party tools, and custom sources into a single data lake.

OCSF Normalization

Converts security data to the Open Cybersecurity Schema Framework (OCSF) for standardized analysis across tools.

Apache Parquet Format

Stores all security data in Apache Parquet format optimized for analytical query performance.

Multi-Account Support

Centralizes security data across an entire AWS Organization from all accounts and regions.

Lifecycle Management

Automatically manages storage lifecycle with configurable retention and tiering policies.

Subscriber Access

Grant third-party SIEMs and analytics tools direct query access to your security data lake.

Native AWS Integration

Native connectors for CloudTrail, VPC Flow Logs, Route 53, Security Hub, and EKS audit logs.

Custom Log Sources

Ingest custom and third-party security data sources in OCSF format.

Use Cases

Security Data Centralization

Aggregate all security data from across a multi-account AWS environment into one queryable data lake.

SIEM Integration

Provide SIEM platforms like Splunk, Sumo Logic, and Microsoft Sentinel direct access to normalized security data.

Threat Hunting

Enable security analysts to query normalized OCSF data for threat hunting and forensic investigation.

Compliance Data Retention

Retain security logs in a cost-optimized data lake for compliance audit requirements.

Security Analytics

Run advanced analytics and ML models against normalized security data for anomaly detection.

Multi-Cloud Security Data

Centralize security data from on-premises and other cloud providers alongside AWS security data.

Semantic Vocabularies

Amazon Security Lake Context

3 classes · 18 properties

JSON-LD

API Governance Rules

Amazon Security Lake API Rules

21 rules · 8 errors 10 warnings 3 info

SPECTRAL

JSON Structure

Amazon Security Lake Data Lake Structure

6 properties

JSON STRUCTURE

Amazon Security Lake Log Source Structure

3 properties

JSON STRUCTURE

Amazon Security Lake Subscriber Structure

9 properties

JSON STRUCTURE

Example Payloads

Resources

🔗
PostmanWorkspace
PostmanWorkspace
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🌐
Portal
Portal
🚀
GettingStarted
GettingStarted
🔗
Documentation
Documentation
🔗
APIReference
APIReference
🌐
Console
Console
📝
Signup
Signup
💰
Pricing
Pricing
💬
FAQ
FAQ
📰
Blog
Blog
🟢
StatusPage
StatusPage
💬
Support
Support
📜
TermsOfService
TermsOfService
📜
PrivacyPolicy
PrivacyPolicy
🔗
Compliance
Compliance
👥
GitHubOrganization
GitHubOrganization
👥
YouTube
YouTube
👥
StackOverflow
StackOverflow
🔗
KnowledgeCenter
KnowledgeCenter
🔗
SpectralRules
SpectralRules
🔗
Vocabulary
Vocabulary
🔗
JSONLD
JSONLD
🔗
JSONStructure
JSONStructure
🔗
JSONStructure
JSONStructure
🔗
JSONStructure
JSONStructure
💻
Examples
Examples
💻
Examples
Examples
💻
Examples
Examples

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Amazon Security Lake API
  version: Wed May 09 2018 20:00:00 GMT-0400 (Eastern Daylight Time)
request:
  auth:
    type: apikey
    key: Authorization
    value: '{{Authorization}}'
    placement: header
items:
- info:
    name: Data Lakes
    type: folder
  items:
  - info:
      name: Amazon Security Lake List Data Lakes
      type: http
    http:
      method: GET
      url: https://securitylake.{region}.amazonaws.com/v1/datalake
      params:
      - name: regions
        value: ''
        type: query
        description: List of regions to include in the response.
    docs: Lists information about the data lakes in the current AWS account and Region.
  - info:
      name: Amazon Security Lake Create Data Lake
      type: http
    http:
      method: POST
      url: https://securitylake.{region}.amazonaws.com/v1/datalake
      body:
        type: json
        data: '{}'
    docs: Creates a Security Lake data lake in the specified regions. Security Lake begins ingesting security data after you
      create the data lake.
  - info:
      name: Amazon Security Lake Update Data Lake
      type: http
    http:
      method: PUT
      url: https://securitylake.{region}.amazonaws.com/v1/datalake/:dataLakeArn
      params:
      - name: dataLakeArn
        value: ''
        type: path
        description: The ARN of the data lake to update.
      body:
        type: json
        data: '{}'
    docs: Updates the configuration of a data lake.
  - info:
      name: Amazon Security Lake Delete Data Lake
      type: http
    http:
      method: DELETE
      url: https://securitylake.{region}.amazonaws.com/v1/datalake/:dataLakeArn
      params:
      - name: dataLakeArn
        value: ''
        type: path
        description: The ARN of the data lake to delete.
    docs: Deletes the Amazon Security Lake data lake configuration object for the specified account and Region.
- info:
    name: Log Sources
    type: folder
  items:
  - info:
      name: Amazon Security Lake Get Data Lake Sources
      type: http
    http:
      method: POST
      url: https://securitylake.{region}.amazonaws.com/v1/datalake/sources
      body:
        type: json
        data: '{}'
    docs: Retrieves a snapshot of the current Region, including whether Amazon Security Lake is enabled for those accounts
      and which sources Security Lake is collecting data from.
  - info:
      name: Amazon Security Lake Create AWS Log Source
      type: http
    http:
      method: POST
      url: https://securitylake.{region}.amazonaws.com/v1/logsources/aws
      body:
        type: json
        data: '{}'
    docs: Adds a natively supported Amazon Web Service as an Amazon Security Lake source.
  - info:
      name: Amazon Security Lake Create Custom Log Source
      type: http
    http:
      method: POST
      url: https://securitylake.{region}.amazonaws.com/v1/logsources/custom
      body:
        type: json
        data: '{}'
    docs: Adds a third-party custom source in Amazon Security Lake to store log data.
  - info:
      name: Amazon Security Lake List Log Sources
      type: http
    http:
      method: GET
      url: https://securitylake.{region}.amazonaws.com/v1/logsources
      params:
      - name: maxResults
        value: ''
        type: query
        description: Maximum number of results to return.
      - name: nextToken
        value: ''
        type: query
        description: Pagination token.
    docs: Retrieves the log sources in the current Amazon Web Services Region.
- info:
    name: Subscribers
    type: folder
  items:
  - info:
      name: Amazon Security Lake List Subscribers
      type: http
    http:
      method: GET
      url: https://securitylake.{region}.amazonaws.com/v1/subscribers
      params:
      - name: maxResults
        value: ''
        type: query
        description: Maximum number of results to return.
      - name: nextToken
        value: ''
        type: query
        description: Pagination token.
    docs: Lists all subscribers for the specific Amazon Security Lake account ID.
  - info:
      name: Amazon Security Lake Create Subscriber
      type: http
    http:
      method: POST
      url: https://securitylake.{region}.amazonaws.com/v1/subscribers
      body:
        type: json
        data: '{}'
    docs: Creates a subscriber for accounts that are already enabled in Amazon Security Lake.
  - info:
      name: Amazon Security Lake Get Subscriber
      type: http
    http:
      method: GET
      url: https://securitylake.{region}.amazonaws.com/v1/subscribers/:subscriberId
      params:
      - name: subscriberId
        value: ''
        type: path
        description: The ID of the subscriber to retrieve.
    docs: Gets information about a specific subscriber created in the current Amazon Web Services Region.
  - info:
      name: Amazon Security Lake Update Subscriber
      type: http
    http:
      method: PUT
      url: https://securitylake.{region}.amazonaws.com/v1/subscribers/:subscriberId
      params:
      - name: subscriberId
        value: ''
        type: path
        description: The ID of the subscriber to update.
      body:
        type: json
        data: '{}'
    docs: Updates an existing subscriber for the specific Amazon Security Lake account ID and Region.
  - info:
      name: Amazon Security Lake Delete Subscriber
      type: http
    http:
      method: DELETE
      url: https://securitylake.{region}.amazonaws.com/v1/subscribers/:subscriberId
      params:
      - name: subscriberId
        value: ''
        type: path
        description: The ID of the subscriber to delete.
    docs: Deletes the specified subscriber and removes them from Amazon Security Lake.
bundled: true