CloudWatch metrics for Amazon Security Lake
You can monitor Security Lake using Amazon CloudWatch, which collects raw data every minute and processes it into readable, near real-time metrics. These statistics are kept for 15 months, so that you can access historical information and gain a better perspective on the data in your data lake. You can also set alarms that watch for certain thresholds, and send notifications or take actions when those thresholds are met.
Topics
Security Lake metrics and dimensions
The AWS/SecurityLake namespace includes the following metrics.
| Metric | Description |
|---|---|
|
|
The volume of data from natively-supported AWS services that's currently stored in your data lake. Units: Bytes |
The following dimensions are available for Security Lake metrics.
| Dimension | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
You can view metrics for specific AWS accounts (Per-Account Source Version Metrics)
or for all accounts in an organization (Per-Source Version Metrics).
Viewing CloudWatch metrics for Security Lake
You can monitor metrics for Security Lake using the CloudWatch console, CloudWatch's own command line interface (CLI), or programmatically using the CloudWatch API. Choose your preferred method, and follow the steps to access Security Lake metrics.
For more information about monitoring using metrics, see Use Amazon CloudWatch metrics in the Amazon CloudWatch User Guide.
Setting CloudWatch alarms for Security Lake metrics
CloudWatch also allows you to set alarms when a threshold is met for a metric. For example, you could set an alarm for the ProcessedSize metric, so that you're notified when the volume of data from a specific source exceeds a specific threshold.
For instructions on setting alarms, see Using Amazon CloudWatch alarms in the Amazon CloudWatch User Guide.
