AWS Security Blog
Category: HAQM Security Lake
How to deploy an HAQM OpenSearch cluster to ingest logs from HAQM Security Lake
July 29, 2024: Original publication date of this post. The current version was updated to make the instructions clearer and compatible with OCSF 1.1. Customers often require multiple log sources across their AWS environment to empower their teams to respond and investigate security events. In part one of this two-part blog post, I show you […]
Create security observability using generative AI with Security Lake and HAQM Q in QuickSight
Generative artificial intelligence (AI) is now a household topic and popular across various public applications. Users enter prompts to get answers to questions, write code, create images, improve their writing, and synthesize information. As people become familiar with generative AI, businesses are looking for ways to apply these concepts to their enterprise use cases in […]
Accelerate incident response with HAQM Security Lake – Part 2
This blog post is the second of a two-part series where we show you how to respond to a specific incident by using HAQM Security Lake as the primary data source to accelerate incident response workflow. The workflow is described in the Unintended Data Access in HAQM S3 incident response playbook, published in the AWS […]
Patterns for consuming custom log sources in HAQM Security Lake
As security best practices have evolved over the years, so has the range of security telemetry options. Customers face the challenge of navigating through security-relevant telemetry and log data produced by multiple tools, technologies, and vendors while trying to monitor, detect, respond to, and mitigate new and existing security issues. In this post, we provide […]
Accelerate incident response with HAQM Security Lake
September 20, 2024: Updated the incident response life cycle wording in the first blog of this series so as to better align with the NIST-defined terms. This blog post is the first of a two-part series that will demonstrate the value of HAQM Security Lake and how you can use it and other resources to accelerate […]
Investigating lateral movements with HAQM Detective investigation and Security Lake integration
According to the MITRE ATT&CK framework, lateral movement consists of techniques that threat actors use to enter and control remote systems on a network. In HAQM Web Services (AWS) environments, threat actors equipped with illegitimately obtained credentials could potentially use APIs to interact with infrastructures and services directly, and they might even be able to use […]
How HAQM Security Lake is helping customers simplify security data management for proactive threat analysis
Centralize visibility across hybrid environments for streamlined incident response, optimized log retention, and proactive threat detection. Use AI-driven enhancements for automated investigations.
How to develop an HAQM Security Lake POC
Sept 12, 2024: We’ve updated this post to include recently added Security Lake data sources for HAQM EKS and AWS WAF log files. You can use HAQM Security Lake to simplify log data collection and retention for HAQM Web Services (AWS) and non-AWS data sources. To make sure that you get the most out of […]
Generate AI powered insights for HAQM Security Lake using HAQM SageMaker Studio and HAQM Bedrock
In part 1, we discussed how to use HAQM SageMaker Studio to analyze time-series data in HAQM Security Lake to identify critical areas and prioritize efforts to help increase your security posture. Security Lake provides additional visibility into your environment by consolidating and normalizing security data from both AWS and non-AWS sources. Security teams can […]
How to share security telemetry per OU using HAQM Security Lake and AWS Lake Formation
Part 3 of a 3-part series
Part 1 – Aggregating, searching, and visualizing log data from distributed sources with HAQM Athena and HAQM QuickSight
Part 2 – How to visualize HAQM Security Lake findings with HAQM QuickSight
This is the final part of a three-part series on visualizing security data using HAQM Security Lake and […]