DataLakeSource - Amazon Security Lake

DataLakeSource

Amazon Security Lake collects logs and events from supported AWS services and custom sources. For the list of supported AWS services, see the Amazon Security Lake User Guide.

Contents

account

The ID of the Security Lake account for which logs are collected.

Type: String

Required: No

eventClasses

The Open Cybersecurity Schema Framework (OCSF) event classes that describe the type of data the custom source will send to Security Lake. The supported event classes are:

  • ACCESS_ACTIVITY

  • FILE_ACTIVITY

  • KERNEL_ACTIVITY

  • KERNEL_EXTENSION

  • MEMORY_ACTIVITY

  • MODULE_ACTIVITY

  • PROCESS_ACTIVITY

  • REGISTRY_KEY_ACTIVITY

  • REGISTRY_VALUE_ACTIVITY

  • RESOURCE_ACTIVITY

  • SCHEDULED_JOB_ACTIVITY

  • SECURITY_FINDING

  • ACCOUNT_CHANGE

  • AUTHENTICATION

  • AUTHORIZATION

  • ENTITY_MANAGEMENT_AUDIT

  • DHCP_ACTIVITY

  • NETWORK_ACTIVITY

  • DNS_ACTIVITY

  • FTP_ACTIVITY

  • HTTP_ACTIVITY

  • RDP_ACTIVITY

  • SMB_ACTIVITY

  • SSH_ACTIVITY

  • CONFIG_STATE

  • INVENTORY_INFO

  • EMAIL_ACTIVITY

  • API_ACTIVITY

  • CLOUD_API

Type: Array of strings

Pattern: ^[A-Z\_0-9]*$

Required: No
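The documented pattern is necessary but not sufficient: a misspelled class name and even an empty string satisfy it. The following added example (not part of the AWS reference) checks an eventClasses array against both the pattern and the list above; the helper name and the sample values are hypothetical.

```python
import re

# Pattern as documented for eventClasses. fullmatch() is used because in
# Python "$" also matches just before a trailing newline.
EVENT_CLASS_PATTERN = re.compile(r"[A-Z_0-9]*")

# Supported event classes, copied from the list on this page.
SUPPORTED = frozenset("""
ACCESS_ACTIVITY FILE_ACTIVITY KERNEL_ACTIVITY KERNEL_EXTENSION MEMORY_ACTIVITY
MODULE_ACTIVITY PROCESS_ACTIVITY REGISTRY_KEY_ACTIVITY REGISTRY_VALUE_ACTIVITY
RESOURCE_ACTIVITY SCHEDULED_JOB_ACTIVITY SECURITY_FINDING ACCOUNT_CHANGE
AUTHENTICATION AUTHORIZATION ENTITY_MANAGEMENT_AUDIT DHCP_ACTIVITY
NETWORK_ACTIVITY DNS_ACTIVITY FTP_ACTIVITY HTTP_ACTIVITY RDP_ACTIVITY
SMB_ACTIVITY SSH_ACTIVITY CONFIG_STATE INVENTORY_INFO EMAIL_ACTIVITY
API_ACTIVITY CLOUD_API
""".split())


def check_event_classes(event_classes):
    """Sort each entry into ok / bad_pattern / unsupported (hypothetical helper)."""
    result = {"ok": [], "bad_pattern": [], "unsupported": []}
    for value in event_classes:
        if not isinstance(value, str) or not EVENT_CLASS_PATTERN.fullmatch(value):
            # Lowercase letters, whitespace, newlines and non-strings land here.
            result["bad_pattern"].append(value)
        elif value not in SUPPORTED:
            # Passes the pattern but is not a listed class; this includes "",
            # which the documented pattern accepts because of the "*".
            result["unsupported"].append(value)
        else:
            result["ok"].append(value)
    return result


# Constructed sample, not real API output.
SAMPLE_SOURCE = {
    "account": "111122223333",
    "eventClasses": ["DNS_ACTIVITY", "dns_activity", "DNS_ACTIVTY", "",
                     "SSH_ACTIVITY\n"],
}

if __name__ == "__main__":
    print(check_event_classes(SAMPLE_SOURCE["eventClasses"]))
```
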

sourceName

The supported AWS services from which logs and events are collected. Amazon Security Lake supports log and event collection for natively supported AWS services.

Type: String

Required: No

sourceStatuses

The log status for the Security Lake account.

Type: Array of DataLakeSourceStatus objects

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: