Title: AWS re:Inforce 2024 - Building a better lake: Federated search for Amazon Security Lake (TDR226-S)
Insights:
- Introduction and Collaboration: The session was led by Colin Gibbons from Splunk and Javier Teitelbaum from AWS, focusing on the collaboration between Splunk and AWS, particularly around Amazon Security Lake and the OCSF schema.
- OCSF Schema: The Open Cybersecurity Schema Framework (OCSF) is a key component adopted by AWS for Security Lake, enabling standardized data formats and easier integration with partner solutions like Splunk.
- Amazon Security Lake: Described as a purpose-built data lake solution, Amazon Security Lake centralizes and manages data across AWS environments, on-premise sources, and partner solutions, making it accessible in a consistent format.
- Technical Architecture: Security Lake uses S3 buckets, Glue crawlers and tables, and custom Lambda functions to implement a "write once, read many" model, so that services such as Splunk can act on data that is stored centrally in one place.
- Splunk and Security Lake Integration: Splunk is presented as a multifunction tool for data storage, incident response, and graphical analysis that complements Security Lake's data management capabilities.
- Federated Search and Analytics: The new Federated Analytics integration lets Splunk users search and analyze data stored in Security Lake without first importing it into Splunk, improving efficiency and easing compliance.
- Use Cases: Key use cases include long-term data storage for compliance, threat detection, threat hunting, and retrospective investigation, leveraging the combined capabilities of Splunk and Security Lake.
- Operational Benefits: The integration supports real-time and scheduled querying, enabling rapid incident response and compliance with regulatory requirements like those from the SEC.
- Future Developments: The session concluded with an invitation to learn more about the integration and its upcoming release, emphasizing ongoing development and future availability.
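The "write once, read many" pattern in the Technical Architecture note, shown as an added example in Python (this is not code from the session, AWS or Splunk). Raw CloudTrail-like events are constructed sample data; each is normalized once into an OCSF-style Authentication record and placed under a Security Lake-like partition path, and a consumer then searches the records in place, the way a federated search would, without copying them out. The OCSF field names follow the Authentication class (class_uid 3002) as documented by the OCSF project; the partition layout and the severity mapping are assumptions made for the example, not a verified Security Lake contract.

```python
"""Toy 'write once, read many' lake with OCSF-style records (added example)."""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed raw events in a CloudTrail-like shape (sample data, not real logs).
RAW_EVENTS = [
    {"eventTime": "2024-06-11T14:02:11Z", "eventName": "ConsoleLogin",
     "awsRegion": "us-east-1", "recipientAccountId": "111111111111",
     "userIdentity": {"userName": "alice"}, "sourceIPAddress": "203.0.113.10",
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-06-11T14:05:43Z", "eventName": "ConsoleLogin",
     "awsRegion": "us-east-1", "recipientAccountId": "111111111111",
     "userIdentity": {"userName": "bob"}, "sourceIPAddress": "198.51.100.7",
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2024-06-12T09:17:05Z", "eventName": "ConsoleLogin",
     "awsRegion": "eu-west-1", "recipientAccountId": "222222222222",
     "userIdentity": {"userName": "bob"}, "sourceIPAddress": "198.51.100.7",
     "responseElements": {"ConsoleLogin": "Failure"}},
]


def to_ocsf_auth(raw):
    """Normalize one raw event into an OCSF-style Authentication record."""
    ts = datetime.strptime(raw["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    ts = ts.replace(tzinfo=timezone.utc)
    success = raw["responseElements"].get("ConsoleLogin") == "Success"
    return {
        "class_uid": 3002,                    # Authentication
        "category_uid": 3,                    # Identity & Access Management
        "activity_id": 1,                     # Logon
        "status_id": 1 if success else 2,     # 1 = Success, 2 = Failure
        "severity_id": 1 if success else 3,   # assumed local severity mapping
        "time": int(ts.timestamp() * 1000),   # epoch milliseconds
        "cloud": {"region": raw["awsRegion"],
                  "account": {"uid": raw["recipientAccountId"]}},
        "actor": {"user": {"name": raw["userIdentity"]["userName"]}},
        "src_endpoint": {"ip": raw["sourceIPAddress"]},
        "metadata": {"product": {"name": "CloudTrail", "vendor_name": "AWS"},
                     "version": "1.1.0"},
    }


def partition_key(rec):
    """Security Lake-like partition path (assumed layout for this example)."""
    day = datetime.fromtimestamp(rec["time"] / 1000, tz=timezone.utc)
    return (f"region={rec['cloud']['region']}/"
            f"accountId={rec['cloud']['account']['uid']}/"
            f"eventDay={day.strftime('%Y%m%d')}")


def build_lake(raw_events):
    """Write once: normalize each event and place it in its partition."""
    lake = defaultdict(list)
    for raw in raw_events:
        rec = to_ocsf_auth(raw)
        lake[partition_key(rec)].append(rec)
    return dict(lake)


def federated_search(lake, predicate, regions=None):
    """Read many: scan partitions in place, pruning by region before
    touching any record, and return matching records without copying
    the lake."""
    hits = []
    for key, records in lake.items():
        region = key.split("/")[0].split("=", 1)[1]
        if regions and region not in regions:
            continue
        hits.extend(r for r in records if predicate(r))
    return hits


def failed_logons_by_user(lake, user):
    """One consumer query: failed logons for a given user across all regions."""
    return federated_search(
        lake,
        lambda r: r["status_id"] == 2 and r["actor"]["user"]["name"] == user,
    )


if __name__ == "__main__":
    lake = build_lake(RAW_EVENTS)
    for key in sorted(lake):
        print(key, len(lake[key]), "record(s)")
    print(len(failed_logons_by_user(lake, "bob")), "failed logons for bob")
```

The point of the split is that normalization and partitioning happen exactly once at write time, while every consumer (a Splunk federated search, an Athena query, a detection job) only needs the predicate and, ideally, a partition filter so it never reads more of the lake than it has to.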
Quotes:
- "Splunk has been working with Amazon for quite some time on a few initiatives. One of the initiatives was with Amazon Security Lake."
- "OCSF is really the glue that's putting this all together, enabling the partner functionality and the additional services and tools to be able to take action on the data centrally stored and managed within Security Lake."
- "Amazon Security Lake is a purpose-built data lake solution. The purpose of it is to centralize and manage data across AWS environments, on-premise sources, and partner solutions."
- "With Splunk, one is able to simply use Splunk to create reports and dashboards and to create visualizations and index data that's stored centrally in the security lake for actionable insight."
- "Federated Analytics is something that we announced, and it's going to be, there are two aspects of it."
- "The power of Splunk, data aggregation, Splunk, you know, as your Splunk customer, you can basically send any log information you want to Splunk."
- "Customers have been asking Splunk, hey, can you help bridge this gap between Splunk and Amazon?"
- "We did not GA. We did not. It's not released yet. We just basically made the announcement."