Skip to content

Create Custom Log Source

securitylake_create_custom_log_source R Documentation

Adds a third-party custom source in Amazon Security Lake, from the Amazon Web Services Region where you want to create a custom source

Description

Adds a third-party custom source in Amazon Security Lake, from the Amazon Web Services Region where you want to create a custom source. Security Lake can collect logs and events from third-party custom sources. After creating the appropriate IAM role to invoke Glue crawler, use this API to add a custom source name in Security Lake. This operation creates a partition in the Amazon S3 bucket for Security Lake as the target location for log files from the custom source. In addition, this operation also creates an associated Glue table and an Glue crawler.

Usage

securitylake_create_custom_log_source(configuration, eventClasses,
  sourceName, sourceVersion)

Arguments

configuration

[required] The configuration for the third-party custom source.

eventClasses

The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of data that the custom source will send to Security Lake. The supported event classes are:

  • ACCESS_ACTIVITY

  • FILE_ACTIVITY

  • KERNEL_ACTIVITY

  • KERNEL_EXTENSION

  • MEMORY_ACTIVITY

  • MODULE_ACTIVITY

  • PROCESS_ACTIVITY

  • REGISTRY_KEY_ACTIVITY

  • REGISTRY_VALUE_ACTIVITY

  • RESOURCE_ACTIVITY

  • SCHEDULED_JOB_ACTIVITY

  • SECURITY_FINDING

  • ACCOUNT_CHANGE

  • AUTHENTICATION

  • AUTHORIZATION

  • ENTITY_MANAGEMENT_AUDIT

  • DHCP_ACTIVITY

  • NETWORK_ACTIVITY

  • DNS_ACTIVITY

  • FTP_ACTIVITY

  • HTTP_ACTIVITY

  • RDP_ACTIVITY

  • SMB_ACTIVITY

  • SSH_ACTIVITY

  • CONFIG_STATE

  • INVENTORY_INFO

  • EMAIL_ACTIVITY

  • API_ACTIVITY

  • CLOUD_API

sourceName

[required] Specify the name for a third-party custom source. This must be a Regionally unique value.

sourceVersion

Specify the source version for the third-party custom source, to limit log collection to a specific version of custom data source.

Value

A list with the following syntax: 

list(
  source = list(
    attributes = list(
      crawlerArn = "string",
      databaseArn = "string",
      tableArn = "string"
    ),
    provider = list(
      location = "string",
      roleArn = "string"
    ),
    sourceName = "string",
    sourceVersion = "string"
  )
)

Request syntax

svc$create_custom_log_source(
  configuration = list(
    crawlerConfiguration = list(
      roleArn = "string"
    ),
    providerIdentity = list(
      externalId = "string",
      principal = "string"
    )
  ),
  eventClasses = list(
    "string"
  ),
  sourceName = "string",
  sourceVersion = "string"
)