Closed AlexRuiz7 closed 4 months ago
Data lakes should be queried by other AWS services such as:
But Athena seems to be the preferred way to do it.
With regards to permissions, Amazon suggests using the following roles:
The role that enables Security Lake (when done through the web UI) gets database view permissions automatically.
Permissions can be granted on table, database or views.
In order to be able to query Security Lake using Athena (which seems to be the preferred way to do it), query access should be granted following the guide below:
Queries to Security Lake are performed using a SQL-like language:
As far as I can gather, I need to create a database/table out of the content of the S3 bucket
I've struggled to create a database out of one of our sample Security Lake S3 buckets. It seems I need to provide an output location, but I'm not sure where to find that field.
We now have the required permissions to query the database in Athena. We did also run the Crawler manually to populate the database table with the latest data in the custom source prefix of the Amazon Security Lake S3 bucket.
Therefore, we conclude the data written to the S3 bucket is in the right format, exploitable through SQL queries and/or subscriptions, and that our integration works as desired.
Description
Related issue: #128
To complete the Wazuh integration with Amazon Security Lake, we need the data sent to Amazon Security Lake to be exploitable, meaning the data is written properly and the integration works as expected.
https://aws.amazon.com/es/blogs/security/how-to-visualize-amazon-security-lake-findings-with-amazon-quicksight/