Use Case: Query + Amazon Security Lake

Elevate Your SecDataOps Game With Query and Amazon Security Lake

Overview

Amazon Security Lake automatically centralizes an organization's security data from across its AWS environments, leading SaaS providers, on-premises systems and other cloud sources into a purpose-built data lake. It stores that data in the Open Cybersecurity Schema Framework (OCSF), making it easier for security teams to automatically collect, combine, and analyze security data from different sources.

Query is a federated search solution that enables security professionals to make better data-driven decisions, faster. Query delivers a simple search & analytics interface and automatic dashboarding on top of Security Lake so security teams – from SOC analysts to threat hunters to security architects – can quickly access, search, and get answers from data stored in Security Lake.

Together, Query and Amazon Security Lake give customers a purpose-built security data lake that aggregates, normalizes and optimizes large volumes of disparate log and event data, along with a search and analytics interface that will feel familiar to security professionals of any skill level.

Screenshot: The Query Findings Dashboard for Amazon Security Lake

Features:

  • Search & analytics interface providing a normalized view of all connected data sources
  • Out-of-the-Box Dashboards for Findings, Entities, Application Activity, Discovery Events, IAM, Network Activity, and System Activity
  • An AI-powered Query Copilot assists users with data summaries, recommended remediations, follow-up actions, and more
  • Support for all AWS first-party data sources & a pre-built connector to map any custom data source
  • Table format, OCSF version, and field mappings are identified automatically. All event classes are supported for OCSF 1.0.0-rc2, 1.1.0, 1.2.0 and 1.3.0, with backwards compatibility between versions
  • Serves as a query planner and translation engine atop every table in Security Lake plus over 30 additional connected data sources

Benefits:

  • Faster, more accurate investigation outcomes
  • Eliminate analyst time lost to pivoting across multiple tools and browser tabs
  • Reduce or eliminate the need to build and maintain data pipelines
  • Simplify your compliance monitoring and reporting
  • Analyze multiple years of security data quickly
  • Unify security data management across hybrid environments
  • Flexible & extensible security data architecture
  • Optimize costs by decoupling search & analytics from data storage


How it Works

Diagram: How Query works with Amazon Security Lake

Industry Feedback

“Query’s integration with Amazon Security Lake has allowed us to fundamentally change our security operations. Query gives an easy interface, with no specialized language or additional syntax to learn. We’re increasing the speed of adoption and getting to insights and answers faster.”

Troy Wilkinson, Global CISO, Interpublic Group

Query + AWS Partner Network

AWS Partner and AWS Qualified Software badges

AWS Partner Network — Software Path — Verified Solution

Amazon Security Lake — Subscriber Partner
