Getting started with Amazon Security Lake

Amazon Security Lake automatically centralizes security data from AWS environments, SaaS providers, on premises, and cloud sources into a purpose-built data lake stored in your account. Use Security Lake to analyze security data, gain a more comprehensive understanding of security across your entire organization, and improve the protection of your workloads, applications, and data.

Security Lake creates a data lake that is purpose-built for security in an account and AWS Region that you select for centralizing your data. AWS log and security data sources are automatically collected for existing and new accounts. They are normalized into the Open Cybersecurity Schema Framework (OCSF). This includes AWS CloudTrail management events, Amazon Virtual Private Cloud (VPC) Flow Logs, Amazon Route 53 Resolver query logs, Amazon Elastic Kubernetes Service (EKS) audit logs, AWS Web Application Firewall (WAF) logs, and security findings from integrated solutions through AWS Security Hub. You can also add data from third-party security solutions, other cloud sources, and your custom data, including logs from internal applications or network infrastructure.