Amazon Security Lake is a great service that makes collecting and centralizing critical AWS infrastructure logs simple. However, getting those logs out of Amazon Security Lake and into your SIEM can be tricky and potentially very costly.
In this talk, we will go over our approach to using Cribl Stream to get logs out of Amazon Security Lake for our 800+ AWS accounts, and how we configured the relevant pipelines to reduce, transform, and aggregate events, achieving a 90%+ reduction in log volume. This covers AWS WAF logs, Route53 DNS query logs, VPC flow logs, and CloudTrail S3 data events.
We'll also cover the technical details of how we achieved this, along with the lessons we learned along the way.
Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s suite of products to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs.
We offer free training, certifications, and a free tier across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started and continue to build and evolve. We also offer a variety of hands-on Sandboxes for those interested in how companies globally leverage our products for their data challenges.