Security Lake

Version: v4.27
Security Lake
Amazon Security Lake (ASL) is an OCSF event collection service.

Tenzir can send events to ASL via the to_asl operator.
Configuration
Follow the standard configuration instructions to authenticate with your AWS credentials.
Set up a custom source in ASL and use its S3 bucket URI with the to_asl operator.
Examples
Send all OCSF Network Activity events from a Kafka topic to ASL
Given a AWS security lake running on eu-west-2, a custom source called tenzir_network_activity set up on that lake and an account with id 123456789012 for it:
let $s3_uri = "s3://aws-security-data-lake-eu-west-2-lake-abcdefghijklmnopqrstuvwxyz1234/ext/tenzir_network_activity/" load_kafka "ocsf_events" read_ndjson where class_uid == ocsf::class_uid("Network Activity") to_asl $s3_uri, region="eu-west-2", accountId="123456789012"
Edit this page

Configuration​

Examples​

Send all OCSF Network Activity events from a Kafka topic to ASL​

Configuration

Examples

Send all OCSF Network Activity events from a Kafka topic to ASL