Amazon Security Lake のアイコン

Amazon Security Lake New2022年〜

A data lake service that centralizes security data in OCSF format

About 2 min read

What It Does

Amazon Security Lake centralizes security data from AWS services, third-party security tools, and on-premises sources into an S3-based data lake using the OCSF (Open Cybersecurity Schema Framework) format. It automatically collects and normalizes CloudTrail logs, VPC Flow Logs, Route 53 DNS logs, Security Hub findings, and more.

Use Cases

Centralized management and long-term retention of security data, SIEM tool integration, security incident investigation and analysis, and log retention for compliance audits.

Everyday Analogy

Think of a security information library. Security reports from each department (AWS services, security tools) are organized and stored in a standardized format (OCSF), making them searchable and analyzable by investigators (analysis tools) at any time.

What Is Security Lake?

Amazon Security Lake specializes in aggregating and normalizing security data. Previously, CloudTrail logs used CloudTrail's format, VPC Flow Logs used VPC's format - each data source had its own schema. Security Lake normalizes data into the OCSF standard schema, enabling cross-source analysis.

Data Sources and Subscribers

Security Lake automatically collects AWS-native log sources (CloudTrail, VPC Flow Logs, Route 53 DNS logs, S3 data events, Lambda execution logs, EKS audit logs). Data from third-party security tools can also be ingested as custom sources. The subscriber feature provides data to SIEM tools like Splunk, Datadog, and Sumo Logic. For design patterns and operational practices around data sources and subscribers, specialized books on Amazon offer detailed coverage.

Getting Started

Enable Security Lake in the console and select the log sources and regions to collect. Integration with Organizations lets you aggregate security data across the entire organization. Analyze data by running queries with Athena or connecting SIEM tools as subscribers.

Things to Watch Out For

  • S3 storage costs and data normalization processing charges apply. Costs increase with large log volumes
  • Security Hub aggregates security findings, while Security Lake aggregates raw log data - they serve different purposes
共有するXB!

Related Services

AWS Security Hub iconAWS Security HubCentrally manage your AWS security posture and automatically check compliance with best practicesAWS CloudTrail iconAWS CloudTrailA service that records and monitors API activity in your AWS accountAmazon GuardDuty iconAmazon GuardDutyA machine learning-powered threat detection serviceAmazon Athena iconAmazon AthenaA serverless query service that lets you analyze data in S3 using standard SQL

Related Articles

Centralizing SaaS Audit Logs with AWS AppFabric - OCSF Standardization and Security Lake IntegrationLearn how AppFabric collects audit logs from SaaS applications, standardizes them to OCSF format, and builds analysis pipelines.Building a Security Data Lake with Amazon Security Lake - Unified Analysis in OCSF FormatLearn about Security Lake's automatic aggregation of CloudTrail, VPC Flow Logs, and Route 53 logs, OCSF normalization, and integration with subscribers.

More in This Category

IAM Access Analyzer iconIAM Access Analyzer SpecializedA service that detects externally accessible resources and unused access permissionsAWS Certificate Manager iconAWS Certificate Manager EssentialA service that automates provisioning, management, and deployment of SSL/TLS certificatesAWS Artifact iconAWS Artifact SpecializedA service for on-demand access to AWS compliance reports and agreementsAWS Audit Manager iconAWS Audit Manager SpecializedA service that automates evidence collection and assessment for compliance auditsAWS CloudHSM iconAWS CloudHSM SpecializedA service for managing encryption keys using dedicated hardware security modulesAmazon Cognito iconAmazon Cognito PopularA service that provides authentication, authorization, and user management for web and mobile applicationsAmazon Detective iconAmazon Detective SpecializedA service that automatically analyzes security findings and investigates root causesAWS Directory Service iconAWS Directory Service SpecializedA service that provides managed Active Directory on AWS

Similar Articles and Services

Building a Security Data Lake with Amazon Security Lake - Unified Analysis in OCSF FormatLearn about Security Lake's automatic aggregation of CloudTrail, VPC Flow Logs, and Route 53 logs, OCSF normalization, and integration with subscribers.Amazon Security LakeA service that automatically normalizes security data from CloudTrail, VPC Flow Logs, Route 53 Resolver logs, and other sources into OCSF format, centralizing it in an S3-based security data lakeCentralizing SaaS Audit Logs with AWS AppFabric - OCSF Standardization and Security Lake IntegrationLearn how AppFabric collects audit logs from SaaS applications, standardizes them to OCSF format, and builds analysis pipelines.Audit Log Design and Operations - Complete API Activity Recording with CloudTrailLearn how to design audit logs using AWS CloudTrail, including recording API activity, long-term storage in S3, and compliance automation through integration with AWS Config.AWS Lake FormationA service that simplifies building, managing, and securing data lakes