Amazon OpenSearch Ingestion now supports writing security data to Amazon Security Lake

Posted on: Nov 22, 2024

Amazon OpenSearch Ingestion now allows you to write data into Amazon Security Lake in real time, so you can ingest security data from both AWS and custom sources and uncover valuable insights into potential security issues in near real time. Amazon Security Lake centralizes security data from AWS environments, SaaS providers, and on-premises sources into a purpose-built data lake. With this integration, customers can now seamlessly ingest and normalize security data from all popular custom sources before writing it into Amazon Security Lake.

Amazon Security Lake uses the Open Cybersecurity Schema Framework (OCSF) to normalize and combine security data from a broad range of enterprise security data sources in the Apache Parquet format. With this feature, you can now use Amazon OpenSearch Ingestion to ingest and transform security data from popular third-party sources like Palo Alto, CrowdStrike, and SentinelOne into OCSF format before writing the data into Security Lake. Once the data is written to Security Lake, it is available in the AWS Glue Data Catalog and AWS Lake Formation tables for the respective source.

This feature is available in all 15 AWS commercial Regions where Amazon OpenSearch Ingestion is currently available: US East (Ohio), US East (N. Virginia), US West (Oregon), US West (N. California), Europe (Ireland), Europe (London), Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Singapore), Asia Pacific (Mumbai), Asia Pacific (Seoul), Canada (Central), South America (Sao Paulo), and Europe (Stockholm).

To learn more, see the Amazon OpenSearch Ingestion webpage and the Amazon OpenSearch Service Developer Guide.