Amazon Security Lake

Amazon Security Lake is a service that automatically centralizes an organization's security data from cloud, on-premises, and custom sources into a purpose-built data lake stored in your own Amazon S3. It manages the data lifecycle to help you optimize storage and supports OCSF (Open Cybersecurity Schema Framework) for normalized security data analysis.

1 API · 1 Capability · 8 Features

Tags: AWS, Data Lake, Security, SIEM, Threat Detection

APIs

Amazon Security Lake API

The Amazon Security Lake API provides programmatic access to create and manage data lakes, data sources, subscribers, and log sources for centralizing and analyzing security dat...

Capabilities

Amazon Security Lake Security Data Lake

Unified capability for managing a centralized security data lake including data lake configuration, log source ingestion, and subscriber access management. Used by Security Data...

Features

Automatic Data Centralization

Automatically centralizes security data from AWS services, third-party tools, and custom sources into a single data lake.

OCSF Normalization

Converts security data to the Open Cybersecurity Schema Framework (OCSF) for standardized analysis across tools.

Apache Parquet Format

Stores all security data in Apache Parquet format optimized for analytical query performance.

Multi-Account Support

Centralizes security data across an entire AWS Organization from all accounts and regions.

Lifecycle Management

Automatically manages storage lifecycle with configurable retention and tiering policies.

Subscriber Access

Grant third-party SIEMs and analytics tools direct query access to your security data lake.

Native AWS Integration

Native connectors for CloudTrail, VPC Flow Logs, Route 53, Security Hub, and EKS audit logs.

Custom Log Sources

Ingest custom and third-party security data sources in OCSF format.

Use Cases

Security Data Centralization

Aggregate all security data from across a multi-account AWS environment into one queryable data lake.

SIEM Integration

Provide SIEM platforms like Splunk, Sumo Logic, and Microsoft Sentinel direct access to normalized security data.

Threat Hunting

Enable security analysts to query normalized OCSF data for threat hunting and forensic investigation.

Compliance Data Retention

Retain security logs in a cost-optimized data lake for compliance audit requirements.

Security Analytics

Run advanced analytics and ML models against normalized security data for anomaly detection.

Multi-Cloud Security Data

Centralize security data from on-premises and other cloud providers alongside AWS security data.

Integrations

AWS CloudTrail

Native connector for management event and data event logs from CloudTrail.

Amazon VPC Flow Logs

Ingest VPC network flow logs for network traffic analysis.

Amazon Route 53

Collect DNS query logs for domain analysis and threat detection.

AWS Security Hub

Aggregate Security Hub findings into the security data lake.

Amazon EKS

Ingest Kubernetes audit logs from Amazon EKS clusters.

Amazon S3

All security data is stored in S3 buckets within your own AWS account.

AWS Lake Formation

Control fine-grained subscriber access using AWS Lake Formation permissions.

Splunk

SIEM subscriber integration for Splunk to query Security Lake data directly.

Microsoft Sentinel

Connect Microsoft Sentinel as a subscriber to consume OCSF-normalized data.

CrowdStrike

Ingest CrowdStrike endpoint detection findings as a custom log source.

Semantic Vocabularies

Amazon Security Lake Context

3 classes · 18 properties

JSON-LD

API Governance Rules

Amazon Security Lake API Rules

21 rules · 8 errors · 10 warnings · 3 info

SPECTRAL

Resources

Portal
GettingStarted
Documentation
APIReference
Console
SignUp
Pricing
FAQ
Blog
StatusPage
Support
TermsOfService
PrivacyPolicy
Compliance
GitHubOrganization
YouTube
StackOverflow
KnowledgeCenter
SpectralRules
Vocabulary
NaftikoCapability
JSON-LD
JSONStructure
Example