January 1, 2025
Amazon Security Lake is a great service that makes collecting and centralizing critical AWS infrastructure logs simple. However, getting the logs out of Amazon Security Lake and into your SIEM can be tricky and potentially very costly.
In this talk, we will go over our approach to using Cribl Stream to get logs out of Amazon Security Lake for our 800+ AWS accounts, and how we configured the relevant pipelines to reduce, transform and aggregate events to achieve a 90%+ log reduction. The log sources covered include AWS WAF logs, Route53 DNS query logs, VPC flow logs, and CloudTrail S3 data events.
We'll go over some of the technical details of how we achieved this, as well as some lessons we learned along the way.