Skip to content

API for Amazon Security Lake

ABAP Package /AWS1/API_SLK_IMPL
ABAP SDK "TLA" SLK
ABAP Interface /AWS1/IF_SLK

The "TLA" is a Three Letter Abbreviation that appears in ABAP class names, data dictionary objects and other ABAP objects throughout the AWS SDK for SAP ABAP. The TLA for Amazon Security Lake is SLK. This TLA helps squeeze ABAP objects into the 30-character length limit of the ABAP data dictionary.

Installation

To install the AWS SDK for SAP ABAP, import the Core transport, along with the transport for the SecurityLake module and other API modules you are interested in. A few modules are included in the Core transport itself. For more information, see the Developer Guide guide.

About The Service

Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to automatically centralize security data from cloud, on-premises, and custom sources into a data lake that's stored in your Amazon Web Services account. Amazon Web Services Organizations is an account management service that lets you consolidate multiple Amazon Web Services accounts into an organization that you create and centrally manage. With Organizations, you can create member accounts and invite existing accounts to join your organization. Security Lake helps you analyze security data for a more complete understanding of your security posture across the entire organization. It can also help you improve the protection of your workloads, applications, and data.

The data lake is backed by Amazon Simple Storage Service (Amazon S3) buckets, and you retain ownership over your data.

Amazon Security Lake integrates with CloudTrail, a service that provides a record of actions taken by a user, role, or an Amazon Web Services service. In Security Lake, CloudTrail captures API calls for Security Lake as events. The calls captured include calls from the Security Lake console and code calls to the Security Lake API operations. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Security Lake. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in Event history. Using the information collected by CloudTrail you can determine the request that was made to Security Lake, the IP address from which the request was made, who made the request, when it was made, and additional details. To learn more about Security Lake information in CloudTrail, see the Amazon Security Lake User Guide.

Security Lake automates the collection of security-related log and event data from integrated Amazon Web Services and third-party services. It also helps you manage the lifecycle of data with customizable retention and replication settings. Security Lake converts ingested data into Apache Parquet format and a standard open-source schema called the Open Cybersecurity Schema Framework (OCSF).

Other Amazon Web Services and third-party services can subscribe to the data that's stored in Security Lake for incident response and security data analytics.

Using the SDK

In your code, create a client using the SDK module for Amazon Security Lake, which is created with factory method /AWS1/CL_SLK_FACTORY=>create(). In this example we will assume you have configured an SDK profile in transaction /AWS1/IMG called ZFINANCE.

DATA(go_session)   = /aws1/cl_rt_session_aws=>create( 'ZFINANCE' ).
DATA(go_slk)       = /aws1/cl_slk_factory=>create( go_session ).

Your variable go_slk is an instance of /AWS1/IF_SLK, and all of the operations in the Amazon Security Lake service are accessed by calling methods in /AWS1/IF_SLK.

API Operations

For an overview of ABAP method calls corresponding to API operations in Amazon Security Lake, see the Operation List.

Factory Method

/AWS1/CL_SLK_FACTORY=>create( )

Creates an object of type /AWS1/IF_SLK.

IMPORTING

Optional arguments:

IV_PROTOCOL TYPE /AWS1/RT_PROTOCOL

IO_SESSION TYPE REF TO /AWS1/CL_RT_SESSION_BASE

IV_REGION TYPE /AWS1/RT_REGION_ID

IV_CUSTOM_ENDPOINT TYPE /AWS1/RT_ENDPOINT

RETURNING

OO_CLIENT TYPE REF TO /AWS1/IF_SLK

/AWS1/IF_SLK represents the ABAP client for the SecurityLake service, representing each operation as a method call. For more information see the API Page page.

Configuring Programmatically

DATA(lo_config) = DATA(go_slk)->get_config( ).

lo_config is a variable of type /AWS1/CL_SLK_CONFIG. See the documentation for /AWS1/CL_SLK_CONFIG for details on the settings that can be configured.

Paginators

Paginators for Amazon Security Lake can be created via get_paginator() which returns a paginator object of type /AWS1/IF_SLK_PAGINATOR. The operation method that is being paginated is called using the paginator object, which accepts any necessary parameters to provide to the underlying API operation. This returns an iterator object which can be used to iterate over paginated results using has_next() and get_next() methods.

Details about the paginator methods available for service Amazon Security Lake can be found in interface /AWS1/IF_SLK_PAGINATOR.