AWS Security Lake
Amazon Security Lake is a fully managed security data lake service.
IT Services · Amazon - Security Lake
Configuration parameters
roleArn— Role ARNroleSessionName— Role Session NamesessionDuration— Role Session DurationdefaultRegion— AWS Default Region (required)credentials— Access Keytimeout— Timeoutretries— Retriessts_regional_endpoint— AWS STS Regional Endpointsinsecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (9)
-
aws-security-lake-data-catalogs-listLists the data catalogs in the current Amazon Web Services account.
-
aws-security-lake-data-lakes-listRetrieves the Amazon Security Lake configuration object for the specified Amazon Web Services Regions. In order to run this command the user must have 'securitylake' permissions.
-
aws-security-lake-data-sources-listRetrieves a snapshot of the current region, including whether Amazon Security Lake is enabled for those accounts and which sources Security Lake is collecting data from. In order to run this command the user must have 'securitylake' permissions.
-
aws-security-lake-databases-listLists the databases in the specified data catalog.
-
aws-security-lake-guardduty-activity-queryThis command is used to search for Guard Duty logs for any criticality level activity.
-
aws-security-lake-query-executeExecute a new query, wait for the query to complete (using polling), and return query's execution information, and query's results (if successful). Either 'OutputLocation' or 'WorkGroup' must be specified for the query to run.
-
aws-security-lake-source-ip-queryRuns a query that takes a provided source IP address and queries the AWS Security Lake for console login attempts (Success/Failed) associated with the IP address, using AWS CloudTrail logs.
-
aws-security-lake-table-metadata-listLists the metadata for the tables in the specified data catalog database.
-
aws-security-lake-user-mfalogin-queryRuns query that takes a provided username and queries the AWS Security Lake for MFA login attempts (Success/Failed) associated with the user's account, using AWS CloudTrail logs.