- Cross-Account Data Sharing: You can share security telemetry across accounts using AWS Lake Formation. By configuring permissions appropriately, you can grant a consumer AWS account (Account B) access to the security telemetry of the producer account (Account A). You will use data lake permission filters to control access to the tables and need to ensure that the consumer account accepts the AWS Resource Access Manager invitation and creates resource links for the shared table.
- Using Athena for Queries: To access and query the shared data, the consumer account may use Amazon Athena. It's necessary to configure an S3 bucket to store query results from Athena. Once set up, you can perform queries on the shared tables using the Athena query editor.
- Enriching Security Lake Data: To enrich your data with AWS account metadata, you can create an Athena View. This view will join datasets and filter results to only return findings from the AWS Foundational Security Best Practices Standard, for example.

Regarding the conversion of AWS Security Hub findings to the Open Cybersecurity Schema Framework (OCSF) format:
- Amazon Security Lake Integration: Amazon Security Lake natively supports integration with multiple third-party providers and can handle data in OCSF format. Providers may offer source, subscriber, or service integrations with Security Lake, which can send data to or read data from Security Lake in OCSF schema.
To directly address your questions:
- Sending AWS Security Hub Events to a Vendor's Security Data Lake: You can configure cross-account sharing using AWS Lake Formation and ensure that the vendor's account has the necessary permissions to access your Security Lake data. You'll need to set up data permissions and resource links for the vendor to access your data.
- Converting to OCSF Format Without Security Data Lake: While Amazon Security Lake can receive and store data in OCSF format, if you're looking to convert AWS Security Hub findings to OCSF format without enabling Amazon Security Lake, you might need to look into third-party tools or services that offer such conversion. AWS documentation or vendor-specific integration guides might offer tools for this conversion.
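
To illustrate what converting a Security Hub finding to OCSF involves, here is an added example (not part of the answer above and not AWS or vendor code) that maps one finding in AWS Security Finding Format to a minimal OCSF Security Finding record. The choice of output fields, the activity rule and the sample finding are assumptions; validate the result against the OCSF schema version the vendor expects.

```python
from datetime import datetime

CLASS_UID, CATEGORY_UID = 2001, 2   # OCSF Security Finding class, Findings category
SEVERITY_ID = {"INFORMATIONAL": 1, "LOW": 2, "MEDIUM": 3, "HIGH": 4, "CRITICAL": 5}

def to_epoch_ms(ts):
    """Convert an ASFF ISO 8601 timestamp to OCSF epoch milliseconds."""
    return round(datetime.fromisoformat(ts.replace("Z", "+00:00")).timestamp() * 1000)

def asff_to_ocsf(f):
    """Map one Security Hub (ASFF) finding to a minimal OCSF Security Finding."""
    created, updated = to_epoch_ms(f["CreatedAt"]), to_epoch_ms(f["UpdatedAt"])
    # Assumed activity rule: archived -> Close (3), never updated -> Create (1), else Update (2)
    if f.get("RecordState") == "ARCHIVED":
        activity_id = 3
    else:
        activity_id = 1 if created == updated else 2
    return {
        "category_uid": CATEGORY_UID,
        "class_uid": CLASS_UID,
        "activity_id": activity_id,
        "type_uid": CLASS_UID * 100 + activity_id,
        "time": updated,
        # Labels outside the ASFF set fall back to 0 (Unknown) instead of raising
        "severity_id": SEVERITY_ID.get(f.get("Severity", {}).get("Label", ""), 0),
        "finding": {"uid": f["Id"], "title": f["Title"], "desc": f.get("Description", ""),
                    "types": f.get("Types", []),
                    "created_time": created, "modified_time": updated},
        "cloud": {"provider": "AWS", "region": f.get("Region"),
                  "account": {"uid": f["AwsAccountId"]}},
        "resources": [{"uid": r["Id"], "type": r.get("Type")} for r in f.get("Resources", [])],
        # Source fields with no mapping chosen here are preserved rather than dropped
        "unmapped": {"GeneratorId": f.get("GeneratorId"), "ProductArn": f.get("ProductArn")},
    }

# Constructed sample finding (placeholder account ID and ARNs, not real data)
SAMPLE_FINDING = {
    "Id": "arn:aws:securityhub:us-east-1:111122223333:finding/example-0001",
    "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
    "GeneratorId": "example-generator", "AwsAccountId": "111122223333",
    "Region": "us-east-1", "Types": ["Software and Configuration Checks"],
    "CreatedAt": "2024-01-15T10:00:00.000Z", "UpdatedAt": "2024-01-16T08:30:00.500Z",
    "Severity": {"Label": "HIGH"}, "Title": "Example finding title",
    "Description": "Constructed description", "RecordState": "ACTIVE",
    "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}],
}

if __name__ == "__main__":
    import json
    print(json.dumps(asff_to_ocsf(SAMPLE_FINDING), indent=2))
```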