Skip to main content

Amazon Security Lake Documentation

Amazon Security Lake centralizes security data from cloud, on-premises, and custom sources into a purpose-built data lake stored in your account. Security Lake gathers and manages your security data across accounts and Regions. Use your preferred analytics tools while retaining control and ownership of your security data. Security Lake has adopted the Open Cybersecurity Schema Framework (OCSF), an open standard. With OCSF support, the service can normalize and combine security data from AWS and a broad range of enterprise security data sources.

Data aggregation in your account

Amazon Security Lake creates a security data lake in your account. Security Lake collects log and event data from cloud, on-premises, and custom data sources across accounts and Regions. The service stores the gathered logs in your Amazon Simple Storage Service (S3) buckets.

Data normalization and support for OCSF

Amazon Security Lake normalizes AWS log and security findings to OCSF. You can also add data from third-party security solutions and your custom data such as logs from internal applications or network infrastructure that you have converted into OCSF format. With support for OCSF, Security Lake helps centralize, transform, and make your security data available to your preferred analytics tools.

Multi-account and multi-Region support

You can enable Amazon Security Lake across multiple AWS Regions where the service is available and across multiple AWS accounts. You can aggregate security data across accounts on a per-Region basis or consolidate security data from multiple Regions into rollup Regions.

Security data lake access management

Security Lake is designed to help you set up access to your data lake for your security and analytics tools. There are two modes of access. You can grant streaming access to your tools so that a notification is issued when new objects are written to the data lake. The other mode is query access, which allows tools to query the data stored in your security data lake.

Data lifecycle management and optimization

Amazon Security Lake helps manage the lifecycle of your data with customizable retention settings. Security Lake can help partition and convert incoming security data to a storage-and-query-efficient zformat.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.