# Security Analytics

## Goal

Analyze findings and correlate events.

## Core Services

| Service | Purpose |
|---|---|
| Security Lake | Central data lake |
| Athena | SQL queries |
| OpenSearch | Search |
| Managed Grafana | Visualization |
| Lambda | Transform logs |

## Flow

CloudTrail → Security Lake → Athena → OpenSearch → Dashboard

## Know

### Security Lake

- Normalizes and stores logs in OCSF (Open Cybersecurity Schema Framework) format

### Athena

- Runs SQL queries directly against data in S3

### OpenSearch

- Search and event correlation

### Grafana

- Visualization and dashboards

### Lambda

- Log processing and transformation

## Exam Trigger Words

- "search logs" → Athena
- "visualize" → Grafana
- "correlate" → OpenSearch