This directory contains sample security analytics queries for Amazon Security Lake. Amazon Security Lake is an automated security data lake service that lets customers aggregate, manage, and derive value from their security-related log and event data. It centralizes the management of that data and normalizes it into the Open Cybersecurity Schema Framework (OCSF), an open-source security schema co-initiated by AWS and developed in collaboration with other industry leaders to support security use cases such as incident response and security data analytics.
These queries were originally developed by the AWS Customer Incident Response Team for the AWS Security Analytics Bootstrap project and have been converted to the normalized OCSF schema used by Amazon Security Lake.
Many thanks for support from:
- AWS Customer Incident Response Team
- Amazon Security Lake Product Team
- Anna McAbee
- Charles Roberts
- Marc Luescher
- Ross Warren
- Josh Pavel
This project is licensed under the Apache-2.0 License.