AWS service integrations with Security Lake
Amazon Security Lake integrates with other AWS services. A service may either operate as a source integration, a subscriber integration, or both.
Source integrations have the following properties:
-
Send data to Security Lake
-
Data arrives in the Open Cybersecurity Schema Framework (OCSF) in Security Lake schema
-
Data arrives in Apache Parquet format
Subscriber integrations can access Security Lake data in one of the following ways:
-
Read source data from Security Lake through an HTTPS endpoint
-
Read source data from Security Lake through an Amazon Simple Queue Service (Amazon SQS)
-
By directly querying source data using AWS Lake Formation
The following table provides a list of AWS service integrations that Security Lake supports.
| AWS service | Integration type | Description | How integration works |
|---|---|---|---|
|
Subscriber |
Generate AI-powered insights to analyze Security Lake data. |
||
|
Subscriber |
Analyze, investigate, and quickly identify the root cause of security findings or suspicious activities by querying Security Lake. |
||
|
Subscriber |
Generate security insights from Security Lake data by using OpenSearch Service ingestion. |
||
|
Subscriber, Source |
Stream logs, metrics, and trace data to OpenSearch Service and Security Lake. |
||
|
Subscriber (Query) |
Query data in Security Lake with zero-ETL. |
||
|
Subscriber |
Visualize, explore, and interpret logs in Security Lake with QuickSight. |
||
|
Subscriber |
Generate AI-powered insights to analyze Security Lake data. |
||
|
Source |
Ingests and normalize software as a service (SaaS) application logs into Security Lake standard format. |
||
|
Source |
Centralize and store security findings from Security Hub in Security Lake standard format. |
