Amazon Security Lake OCSF Queries

This directory contains sample security analytics queries for Amazon Security Lake. Amazon Security Lake is an automated security data lake service that lets customers aggregate, manage, and derive value from their security-related log and event data. It centralizes the management of that data and normalizes it into the Open Cybersecurity Schema Framework (OCSF), an open-source security schema co-initiated by AWS and developed in collaboration with other industry leaders to support security use cases such as incident response and security data analytics.

These queries were originally developed for the AWS Customer Incident Response Team as part of the AWS Security Analytics Bootstrap project and were converted to the normalized OCSF format used by Amazon Security Lake.

Amazon Security Lake Demo Queries

AWS Service Log                               Demo Query Link
All Queries Combined                          all demo queries
AWS CloudTrail Management Events              cloudtrail management events demo queries
AWS CloudTrail Lambda Data Events             cloudtrail lambda data events demo queries
Amazon Virtual Private Cloud (VPC) Flow Logs  vpc flow demo queries
Amazon Route 53 DNS resolver query logs       route 53 dns demo queries
Security Hub Findings                         security hub event demo queries
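The following Athena query is an added illustration of what a CloudTrail management-event query looks like once the data is normalized into OCSF; it is not one of the demo queries linked above and is not part of this repository. Security Lake maps CloudTrail management events to the OCSF API Activity class, so the raw fields eventName, userIdentity.arn, sourceIPAddress and errorCode become api.operation, actor.user.uid, src_endpoint.ip and api.response.error. The Glue database and table name follow the Security Lake default naming pattern for us-east-1 and the eventday partition column (string, yyyyMMdd) are assumptions about a typical deployment; substitute your own. The query surfaces principals that received many access-denied responses across many distinct API operations in the last seven days, a common sign of credential misuse or permission enumeration.

```sql
-- Added example (not from this repository): access-denied enumeration over
-- OCSF-normalized CloudTrail management events in Amazon Security Lake.
-- Assumed: default Security Lake database/table names for us-east-1 and the
-- eventday partition column; adjust both for your deployment.
SELECT
    actor.user.uid                                AS principal_arn,     -- userIdentity.arn
    actor.user.type                               AS principal_type,    -- e.g. IAMUser, AssumedRole
    src_endpoint.ip                               AS source_ip,         -- sourceIPAddress
    cloud.account.uid                             AS account_id,
    COUNT(*)                                      AS denied_calls,
    COUNT(DISTINCT api.operation)                 AS distinct_operations,
    array_join(array_distinct(array_agg(api.service.name)), ', ')
                                                  AS services_touched,
    MIN(from_unixtime("time" / 1000))             AS first_seen_utc,    -- OCSF time is epoch ms
    MAX(from_unixtime("time" / 1000))             AS last_seen_utc
FROM "amazon_security_lake_glue_db_us_east_1"."amazon_security_lake_table_us_east_1_cloud_trail_mgmt_1_0"
WHERE eventday >= date_format(current_date - interval '7' day, '%Y%m%d')  -- partition pruning
  AND status = 'Failure'
  AND (api.response.error LIKE '%AccessDenied%'
       OR api.response.error LIKE '%UnauthorizedOperation%')
GROUP BY actor.user.uid, actor.user.type, src_endpoint.ip, cloud.account.uid
HAVING COUNT(DISTINCT api.operation) >= 10      -- tune: many distinct denied calls looks like probing
ORDER BY denied_calls DESC
LIMIT 50;
```

The eventday predicate is what keeps the scan cheap: Security Lake partitions every table by day (and by account and region), so a query without a partition filter reads the whole table. The HAVING threshold is a starting point, not a tuned detection; expect service-linked roles and monitoring tools that legitimately probe permissions to show up, and exclude them by principal_arn once you have reviewed them.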

Acknowledgment

Many thanks for the support of:

  • AWS Customer Incident Response Team
  • Amazon Security Lake Product Team
  • Anna McAbee
  • Charles Roberts
  • Marc Luescher
  • Ross Warren
  • Josh Pavel

License

This project is licensed under the Apache-2.0 License.