AWS Security Lake

Amazon Security Lake is a fully managed security data lake service.

IT Services · Amazon - Security Lake

Configuration parameters

  • roleArn — Role ARN
  • roleSessionName — Role Session Name
  • sessionDuration — Role Session Duration
  • defaultRegion — AWS Default Region (required)
  • credentials — Access Key
  • timeout — Timeout
  • retries — Retries
  • sts_regional_endpoint — AWS STS Regional Endpoints
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (9)

  • aws-security-lake-data-catalogs-list

    Lists the data catalogs in the current Amazon Web Services account.

  • aws-security-lake-data-lakes-list

    Retrieves the Amazon Security Lake configuration object for the specified Amazon Web Services Regions. In order to run this command the user must have 'securitylake' permissions.

  • aws-security-lake-data-sources-list

    Retrieves a snapshot of the current region, including whether Amazon Security Lake is enabled for those accounts and which sources Security Lake is collecting data from. In order to run this command the user must have 'securitylake' permissions.

  • aws-security-lake-databases-list

    Lists the databases in the specified data catalog.

  • aws-security-lake-guardduty-activity-query

    This command is used to search for Guard Duty logs for any criticality level activity.

  • aws-security-lake-query-execute

    Execute a new query, wait for the query to complete (using polling), and return query's execution information, and query's results (if successful). Either 'OutputLocation' or 'WorkGroup' must be specified for the query to run.

  • aws-security-lake-source-ip-query

    Runs a query that takes a provided source IP address and queries the AWS Security Lake for console login attempts (Success/Failed) associated with the IP address, using AWS CloudTrail logs.

  • aws-security-lake-table-metadata-list

    Lists the metadata for the tables in the specified data catalog database.

  • aws-security-lake-user-mfalogin-query

    Runs query that takes a provided username and queries the AWS Security Lake for MFA login attempts (Success/Failed) associated with the user's account, using AWS CloudTrail logs.