String errorCode
A coded string to provide more information about the access denied exception. You can use the error code to check the exception type.
List<E> accounts
Specify the Amazon Web Services account information where you want to enable Security Lake.
List<E> regions
Specify the Regions where you want to enable Security Lake.
String sourceName
The name for an Amazon Web Services source. This must be a Regionally unique value.
String sourceVersion
The version for an Amazon Web Services source. This must be a Regionally unique value.
CustomLogSourceConfiguration configuration
The configuration for the third-party custom source.
List<E> eventClasses
The Open Cybersecurity Schema Framework (OCSF) event classes that describe the type of data that the custom source will send to Security Lake. The supported event classes are:
ACCESS_ACTIVITY
FILE_ACTIVITY
KERNEL_ACTIVITY
KERNEL_EXTENSION
MEMORY_ACTIVITY
MODULE_ACTIVITY
PROCESS_ACTIVITY
REGISTRY_KEY_ACTIVITY
REGISTRY_VALUE_ACTIVITY
RESOURCE_ACTIVITY
SCHEDULED_JOB_ACTIVITY
SECURITY_FINDING
ACCOUNT_CHANGE
AUTHENTICATION
AUTHORIZATION
ENTITY_MANAGEMENT_AUDIT
DHCP_ACTIVITY
NETWORK_ACTIVITY
DNS_ACTIVITY
FTP_ACTIVITY
HTTP_ACTIVITY
RDP_ACTIVITY
SMB_ACTIVITY
SSH_ACTIVITY
CONFIG_STATE
INVENTORY_INFO
EMAIL_ACTIVITY
API_ACTIVITY
CLOUD_API
String sourceName
Specify the name for a third-party custom source. This must be a Regionally unique value.
String sourceVersion
Specify the source version for the third-party custom source, to limit log collection to a specific version of custom data source.
CustomLogSourceResource source
The created third-party custom source.
Long exceptionTimeToLive
The expiration period and time-to-live (TTL).
String notificationEndpoint
The Amazon Web Services account where you want to receive exception notifications.
String subscriptionProtocol
The subscription protocol to which exception notifications are posted.
List<E> configurations
Specify the Region or Regions that will contribute data to the rollup region.
String metaStoreManagerRoleArn
The Amazon Resource Name (ARN) used to create and update the Glue table. This table contains partitions generated by the ingestion and normalization of Amazon Web Services log sources and custom sources.
List<E> tags
An array of objects, one for each tag to associate with the data lake configuration. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.
NotificationConfiguration configuration
Specify the configuration to use when creating the subscriber notification.
String subscriberId
The subscriber ID for the notification subscription.
String subscriberEndpoint
The subscriber endpoint to which exception messages are posted.
List<E> accessTypes
The Amazon S3 or Lake Formation access type.
List<E> sources
The supported Amazon Web Services services from which logs and events are collected. Security Lake supports log and event collection for natively supported Amazon Web Services services.
String subscriberDescription
The description for your subscriber account in Security Lake.
AwsIdentity subscriberIdentity
The AWS identity used to access your data.
String subscriberName
The name of your Security Lake subscriber account.
List<E> tags
An array of objects, one for each tag to associate with the subscriber. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.
SubscriberResource subscriber
Retrieve information about the subscriber created using the CreateSubscriber API.
CustomLogSourceCrawlerConfiguration crawlerConfiguration
The configuration for the Glue Crawler for the third-party custom source.
AwsIdentity providerIdentity
The identity of the log provider for the third-party custom source.
String roleArn
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role to be used by the Glue crawler. The recommended IAM policies are:
The managed policy AWSGlueServiceRole
A custom policy granting access to your Amazon S3 Data Lake
String location
The location of the partition in the Amazon S3 bucket for Security Lake.
String roleArn
The ARN of the IAM role to be used by the entity putting logs into your custom source partition. Security Lake will apply the correct access policies to this role, but you must first manually create the trust policy for this role. The IAM role name must start with the text 'Security Lake'. The IAM role must trust the logProviderAccountId to assume the role.
CustomLogSourceAttributes attributes
The attributes of a third-party custom source.
CustomLogSourceProvider provider
The details of the log provider for a third-party custom source.
String sourceName
The name for a third-party custom source. This must be a Regionally unique value.
String sourceVersion
The version for a third-party custom source. This must be a Regionally unique value.
DataLakeEncryptionConfiguration encryptionConfiguration
Provides encryption details of Amazon Security Lake object.
DataLakeLifecycleConfiguration lifecycleConfiguration
Provides lifecycle details of Amazon Security Lake object.
String region
The Amazon Web Services Regions where Security Lake is automatically enabled.
DataLakeReplicationConfiguration replicationConfiguration
Provides replication details of Amazon Security Lake object.
String kmsKeyId
The ID of the KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object.
String exception
The underlying exception of a Security Lake exception.
String region
The Amazon Web Services Regions where the exception occurred.
String remediation
List of all remediation steps for a Security Lake exception.
Date timestamp
This error can occur if you configure the wrong timestamp format, or if the subset of entries used for validation had errors or missing values.
DataLakeLifecycleExpiration expiration
Provides data expiration details of Amazon Security Lake object.
List<E> transitions
Provides data storage transition details of Amazon Security Lake object.
Integer days
Number of days before data expires in the Amazon Security Lake object.
List<E> regions
Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same Amazon Web Services account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different Amazon Web Services Regions or within the same Region as the source bucket.
Set up one or more rollup Regions by providing the Region or Regions that should contribute to the central rollup Region.
String roleArn
Replication settings for the Amazon S3 buckets. This parameter uses the Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct.
String createStatus
Retrieves the status of the configuration operation for an account in Amazon Security Lake.
String dataLakeArn
The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see the Amazon Security Lake User Guide.
DataLakeEncryptionConfiguration encryptionConfiguration
Provides encryption details of Amazon Security Lake object.
DataLakeLifecycleConfiguration lifecycleConfiguration
Provides lifecycle details of Amazon Security Lake object.
String region
The Amazon Web Services Regions where Security Lake is enabled.
DataLakeReplicationConfiguration replicationConfiguration
Provides replication details of Amazon Security Lake object.
String s3BucketArn
The ARN for the Amazon Security Lake Amazon S3 bucket.
DataLakeUpdateStatus updateStatus
The status of the last UpdateDataLake or DeleteDataLake API request.
String account
The ID of the Security Lake account for which logs are collected.
List<E> eventClasses
The Open Cybersecurity Schema Framework (OCSF) event classes that describe the type of data that the custom source will send to Security Lake. The supported event classes are:
ACCESS_ACTIVITY
FILE_ACTIVITY
KERNEL_ACTIVITY
KERNEL_EXTENSION
MEMORY_ACTIVITY
MODULE_ACTIVITY
PROCESS_ACTIVITY
REGISTRY_KEY_ACTIVITY
REGISTRY_VALUE_ACTIVITY
RESOURCE_ACTIVITY
SCHEDULED_JOB_ACTIVITY
SECURITY_FINDING
ACCOUNT_CHANGE
AUTHENTICATION
AUTHORIZATION
ENTITY_MANAGEMENT_AUDIT
DHCP_ACTIVITY
NETWORK_ACTIVITY
DNS_ACTIVITY
FTP_ACTIVITY
HTTP_ACTIVITY
RDP_ACTIVITY
SMB_ACTIVITY
SSH_ACTIVITY
CONFIG_STATE
INVENTORY_INFO
EMAIL_ACTIVITY
API_ACTIVITY
CLOUD_API
String sourceName
The supported Amazon Web Services services from which logs and events are collected. Amazon Security Lake supports log and event collection for natively supported Amazon Web Services services.
List<E> sourceStatuses
The log status for the Security Lake account.
DataLakeUpdateException exception
The details of the last UpdateDataLake or DeleteDataLake API request which failed.
String requestId
The unique ID for the last UpdateDataLake or DeleteDataLake API request.
String status
The status of the last UpdateDataLake or DeleteDataLake API request that was requested.
String subscriberId
The ID of the Security Lake subscriber account.
String subscriberId
A value created by Security Lake that uniquely identifies your DeleteSubscriber API request.
Long exceptionTimeToLive
The expiration period and time-to-live (TTL).
String notificationEndpoint
The Amazon Web Services account where you receive exception notifications.
String subscriptionProtocol
The subscription protocol to which exception notifications are posted.
List<E> accounts
The Amazon Web Services account ID for which a static snapshot of the current Amazon Web Services Region, including enabled accounts and log sources, is retrieved.
Integer maxResults
The maximum limit of accounts for which the static snapshot of the current Region, including enabled accounts and log sources, is retrieved.
String nextToken
Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.
Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
String dataLakeArn
The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see the Amazon Security Lake User Guide.
List<E> dataLakeSources
The list of enabled accounts and enabled sources.
String nextToken
Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.
Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
String subscriberId
A value created by Amazon Security Lake that uniquely identifies your GetSubscriber API request.
SubscriberResource subscriber
The subscriber information for the specified subscriber ID.
String authorizationApiKeyName
The key name for the notification subscription.
String authorizationApiKeyValue
The key value for the notification subscription.
String endpoint
The subscription endpoint in Security Lake. If you prefer notification with an HTTPS endpoint, populate this field.
String httpMethod
The HTTPS method used for the notification subscription.
String targetRoleArn
The Amazon Resource Name (ARN) of the EventBridge API destinations IAM role that you created. For more information about ARNs and how to use them in policies, see Managing data access and Amazon Web Services Managed Policies in the Amazon Security Lake User Guide.
Integer maxResults
List the maximum number of failures in Security Lake.
String nextToken
List if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.
Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
List<E> regions
List the Amazon Web Services Regions from which exceptions are retrieved.
List<E> exceptions
Lists the failures that cannot be retried in the current Region.
String nextToken
List if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.
Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
List<E> accounts
The list of Amazon Web Services accounts for which log sources are displayed.
Integer maxResults
The maximum number of accounts for which the log sources are displayed.
String nextToken
If nextToken is returned, there are more results available. You can repeat the call using the returned token to retrieve the next page.
List<E> regions
The list of Regions for which log sources are displayed.
List<E> sources
The list of sources for which log sources are displayed.
String resourceArn
The Amazon Resource Name (ARN) of the Amazon Security Lake resource to retrieve the tags for.
AwsLogSourceResource awsLogSource
Amazon Security Lake supports log and event collection for natively supported Amazon Web Services services. For more information, see the Amazon Security Lake User Guide.
CustomLogSourceResource customLogSource
Amazon Security Lake supports custom source types. For more information, see the Amazon Security Lake User Guide.
HttpsNotificationConfiguration httpsNotificationConfiguration
The configurations for HTTPS subscriber notification.
SqsNotificationConfiguration sqsNotificationConfiguration
The configurations for SQS subscriber notification.
String accountId
The Amazon Web Services account ID of the Security Lake delegated administrator.
List<E> accessTypes
You can choose to notify subscribers of new objects with an Amazon Simple Queue Service (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by the subscriber.
Subscribers can consume data by directly querying Lake Formation tables in your Amazon S3 bucket through services like Amazon Athena. This subscription type is defined as LAKEFORMATION.
Date createdAt
The date and time when the subscriber was created.
String resourceShareArn
The Amazon Resource Name (ARN) which uniquely defines the AWS RAM resource share. Before accepting the RAM resource share invitation, you can view details related to the RAM resource share.
This field is available only for Lake Formation subscribers created after March 8, 2023.
String resourceShareName
The name of the resource share.
String roleArn
The Amazon Resource Name (ARN) specifying the role of the subscriber.
String s3BucketArn
The ARN for the Amazon S3 bucket.
List<E> sources
Amazon Security Lake supports log and event collection for natively supported Amazon Web Services services. For more information, see the Amazon Security Lake User Guide.
String subscriberArn
The subscriber ARN of the Amazon Security Lake subscriber account.
String subscriberDescription
The subscriber descriptions for a subscriber account. The description for a subscriber includes subscriberName, accountID, externalID, and subscriberId.
String subscriberEndpoint
The subscriber endpoint to which exception messages are posted.
String subscriberId
The subscriber ID of the Amazon Security Lake subscriber account.
AwsIdentity subscriberIdentity
The AWS identity used to access your data.
String subscriberName
The name of your Amazon Security Lake subscriber account.
String subscriberStatus
The subscriber status of the Amazon Security Lake subscriber account.
Date updatedAt
The date and time when the subscriber was last updated.
String key
The name of the tag. This is a general label that acts as a category for a more specific tag value (value).
String value
The value that’s associated with the specified tag key (key). This value acts as a descriptor for the tag key. A tag value cannot be null, but it can be an empty string.
String resourceArn
The Amazon Resource Name (ARN) of the Amazon Security Lake resource to add or update the tags for.
List<E> tags
An array of objects, one for each tag (key and value) to associate with the Amazon Security Lake resource. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.
String quotaCode
Indicates that the rate of requests to Security Lake is exceeding the request quotas for your Amazon Web Services account.
Integer retryAfterSeconds
Retry the request after the specified time.
String serviceCode
The code for the service in Service Quotas.
Long exceptionTimeToLive
The time-to-live (TTL) for the exception message to remain.
String notificationEndpoint
The account that is subscribed to receive exception notifications.
String subscriptionProtocol
The subscription protocol to which exception messages are posted.
NotificationConfiguration configuration
The configuration for subscriber notification.
String subscriberId
The subscription ID for which the subscription notification is specified.
String subscriberEndpoint
The subscriber endpoint to which exception messages are posted.
List<E> sources
The supported Amazon Web Services services from which logs and events are collected. For the list of supported Amazon Web Services services, see the Amazon Security Lake User Guide.
String subscriberDescription
The description of the Security Lake account subscriber.
String subscriberId
A value created by Security Lake that uniquely identifies your subscription.
AwsIdentity subscriberIdentity
The AWS identity used to access your data.
String subscriberName
The name of the Security Lake account subscriber.
SubscriberResource subscriber
The updated subscriber information.
Copyright © 2023. All rights reserved.