Skip to content

Create Custom Log Source

securitylake_create_custom_log_source R Documentation

Adds a third-party custom source in Amazon Security Lake, from the Amazon Web Services Region where you want to create a custom source

Description

Adds a third-party custom source in Amazon Security Lake, from the Amazon Web Services Region where you want to create a custom source. Security Lake can collect logs and events from third-party custom sources. After creating the appropriate IAM role to invoke Glue crawler, use this API to add a custom source name in Security Lake. This operation creates a partition in the Amazon S3 bucket for Security Lake as the target location for log files from the custom source. In addition, this operation also creates an associated Glue table and an Glue crawler.

Usage

securitylake_create_custom_log_source(configuration, eventClasses,
  sourceName, sourceVersion)

Arguments

configuration

[required] The configuration used for the third-party custom source.

eventClasses

The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of data that the custom source will send to Security Lake. For the list of supported event classes, see the Amazon Security Lake User Guide.

sourceName

[required] Specify the name for a third-party custom source. This must be a Regionally unique value. The sourceName you enter here, is used in the LogProviderRole name which follows the convention ⁠AmazonSecurityLake-Provider-{name of the custom source}-{region}⁠. You must use a CustomLogSource name that is shorter than or equal to 20 characters. This ensures that the LogProviderRole name is below the 64 character limit.

sourceVersion

Specify the source version for the third-party custom source, to limit log collection to a specific version of custom data source.

Value

A list with the following syntax: 

list(
  source = list(
    attributes = list(
      crawlerArn = "string",
      databaseArn = "string",
      tableArn = "string"
    ),
    provider = list(
      location = "string",
      roleArn = "string"
    ),
    sourceName = "string",
    sourceVersion = "string"
  )
)

Request syntax

svc$create_custom_log_source(
  configuration = list(
    crawlerConfiguration = list(
      roleArn = "string"
    ),
    providerIdentity = list(
      externalId = "string",
      principal = "string"
    )
  ),
  eventClasses = list(
    "string"
  ),
  sourceName = "string",
  sourceVersion = "string"
)