Posted On: Nov 26, 2023
Amazon Detective now integrates with Amazon Security Lake, enabling security analysts to query and retrieve logs stored in Security Lake. You can use this integration to get additional information from AWS CloudTrail logs and Amazon Virtual Private Cloud (Amazon VPC) Flow Logs stored in Security Lake while conducting security investigations in Detective.
Amazon Detective is a managed security service that simplifies the investigation process by building data aggregations, summaries, and visualizations based on security findings and activity logs. Security analysts use Detective to more quickly analyze and determine the nature and extent of possible security issues. Security Lake is a service that automatically centralizes security data from AWS environments, SaaS providers, on-premises, and other cloud sources into a purpose-built data lake. You can use Security Lake to make central log collection easier and gain a comprehensive understanding of all security events in your organization.
When deeper analysis is required, Detective provides a pre-built query in Amazon Athena focused on the timeframe and components involved. This speeds the process of retrieving relevant CloudTrail and VPC Flow Logs. Analysts can preview logs in Athena and even modify the query to fine-tune results.
You can learn more about this integration here. There are additional charges to use this integration, which you can review under Detective FAQs. Support for this integration is available today for all Detective and Security Lake customers in all AWS Regions where both services are available. To learn more, visit the Amazon Detective product page.