Source partners can send logs and security events to your security data lake in the OCSF format. Subscriber partners help you analyze and address a variety of security use cases such as threat detection, investigation, and incident response. Services partners can help you build and utilize your security data lake.
Technical Documentation for Partners
If you use third-party integrations that send findings to Security Hub, you can also view those findings in Security Lake if the Security Hub integration for Security Lake is enabled. For a list of third-party Security Hub integrations, see Available third-party partner product integrations in the AWS Security Hub User Guide.
Source partners
Send Armis security findings and device inventory data to Security Lake for faster security event response, simplified compliance, and unified data management.
The integration of Aqua Security and Amazon Security Lake utilizes the OCSF format allowing security teams to collect data from various sources and correlate it with their sources to get an enhanced security evaluation, reduce the time to detect issues and resolve them by enabling security teams to scan any type of workload.
It’s time to protect your business. Send Barracuda Security Findings to Amazon Security Lake for log retention, and analytics.
AIShield powered by Bosch provides automated vulnerability analysis and
endpoint protection for AI assets through its integration with Amazon Security
Lake
Cisco Secure Firepower Threat Defense is a NGFWv, protecting workloads from network security threats.
You can use the xDome/Medigate integration to send alerts and vulnerabilities to the Amazon Security Lake.
Confluent's event streaming platform enables customers to easily source data from disparate systems, enrich, and send that data into Amazon Security Lake in OCSF format.
A world-leading code security platform company purposely built for developers to get secure code moving and trusted by security teams to protect business applications.
Cribl is a vendor-agnostic observability pipeline that gives customers flexibility to route and process data at scale from any source to any destination within their data infrastructure. With extensive experience building and deploying log analytics and observability solutions for some of the world's largest organizations, Cribl helps customers take control of their data to support their business goals.
CrowdStrike FDR delivers and enriches endpoint, cloud workload and identity data with the CrowdStrike Security Cloud and world-class artificial intelligence (AI), enabling your team to derive actionable insights to improve security operations center (SOC) performance.
CyberArk is a global leader in Identity Security. Centered on privileged access management, CyberArk provides a comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle.
With Darktrace DETECT and RESPOND AI engines covering all assets across IT, OT, network, endpoint, IoT, email and cloud, organizations can use Darktrace’s rich and context-aware datapoints in Amazon Security Lake. “
Centralize your security data in Amazon Security Lake using DataBahn’s Security Data Fabric
Enhance your workload and application security by integrating network data, including detections of IOCs, from ExtraHop Reveal(x) 360 to Amazon Security Lake.
Send Fortinet CNF logs into Amazon Security Lake. FortiGate CNF provides customers with an easy way to protect their cloud networks and manage security policies using a Cloud Native NGFW as a Service.
Gigamon leverages deep packet inspection (DPI) to extract over 7500+ app related metadata attributes from the raw packets in the network. With Amazon Security Lake integration, users can centralize security data to get a complete understanding of the security data across the entire organization.
Lacework Polygraph® Data Platform learns and understands behaviors that introduce risk across your entire cloud environment, so our customers can innovate with speed and safety. With visibility from code to cloud and automated insights into unusual activity, threats, vulnerabilities, and misconfigurations, they gain the context to prioritize and act faster.
Laminar Data Security Posture Management (DSPM) enhances logs, investigations, and remediations with data security events.
Monad automatically transforms your security data into OCSF format and sends it directly to your Amazon Security Lake.
NETSCOUT assures the quality of digital services and protects them against poor performance and cybersecurity threats.
Netskope provides continuous security posture assessment for your AWS workloads and services to reduce risk and help ensure compliance. We also enhance protection of your data in several ways: API-based protection discovers sensitive data at rest and scans data stores for malware, while Inline protection extends visibility and control to unsanctioned accounts which can prevent data exfiltration.
Okta is a leading independent provider of identity for the enterprise. The Okta Identity Cloud enables organizations to securely connect the right people to the right technologies at the right time. With over 6,500 pre-built integrations to applications and infrastructure providers, Okta customers can easily and securely use the best technologies for their business. More than 8,950 organizations.
Orca Security is the industry-leading agentless Cloud Security Platform that identifies, prioritizes, and remediates risks across your entire AWS environment.
Palo Alto Networks provides a broad portfolio of security solutions purpose built for AWS.
Our intelligent identity solutions allow enterprises to deliver secure and seamless digital experiences to customers & employees.
Seamlessly integrate SailPoint IdentityNow events with Amazon Security Lake, enhancing threat detection by aggregating and analyzing diverse security data in the OCSF format.
Sentra’s agentless platform delivers data-context events in OCSF format to enrich security-related logs in Amazon Security Lake.
Sysdig's runtime insights combined with Amazon Security Lake offer customers a comprehensive view of cloud security risks.
Talon's Enterprise Browser, a secure and isolated browser-based endpoint environment sends Talon Access, data protection, SaaS actions and security events to Amazon Security Lake - providing visibility and option to cross-correlate events for detection, forensics and investigations
Tanium is a converge endpoint management and security platform built for the most demanding IT environments. Unparalleled speed, visibility and scale: Get instant visibility and control of laptops, servers, virtual machines, and cloud infrastructure—at scale.
Torq provides enterprise-scale automation and orchestration with a simple no-code platform.
Gain greater visibility, and conduct streamlined, efficient SecOps with Trellix Helix. Integrate over 1000 Trellix solutions and third-party data sources and products.
Receive threat events from Falco, the OSS standard for runtime security across Kubernetes, containers, and cloud.
Trend Micro a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and innovation, Trend Micro protects 500,000+ organizations across cloud, networks, devices, and endpoints. As a leader in cloud & enterprise security, Trend Micro delivers central visibility for better, faster detection and response and a powerful set of advanced threat defense techniques for dynamic, hybrid environments.
Uptycs reduces risk by prioritizing threats and vulnerabilities across cloud, containers, and endpoints—all from a single UI. Shift up your cybersecurity with Uptycs.
Vectra® is a cybersecurity platform that uses AI to detect attackers in real time and perform conclusive incident investigations.
Reimagine Cloud Security. Visualize how attackers move laterally by exploiting resource relationships, misconfigurations, & entitlements. Leverage real-time detection, machine learning, & automation to stay on top of critical cloud risks.
Wiz is on a mission to help organizations create secure cloud environments that accelerate their businesses. By creating a normalizing layer between cloud environments, our platform enables organizations to rapidly identify and remove critical risks.
Zscaler Posture Control™, a cloud native application protection platform (CNAPP), supports native Amazon Security Lake integration.
Subscriber partners
The ChaosSearch Amazon Security Lake integration enables customers to analyze all telemetry in their Amazon S3 via Opensearch Dashboards/Superset with unlimited retention and industry-leading cost to mitigate security threats and meet compliance obligations.
Cribl, the Data Engine for IT and Security, empowers organizations to modernize their data management strategy. Customers use Cribl to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs. Cribl Search enables customers to query information at rest in Amazon Security Lake to gain valuable insight from that data.
Simplify ingestion of Amazon Security Lake data with the CrowdStrike Falcon Next-Gen SIEM data connector featuring native OCSF schema parsers. Falcon NG SIEM revolutionizes threat detection, investigation and response by bringing together unmatched security depth and breadth in one unified platform to stop breaches.
CloudFastener uses Amazon Security Lake to make it easier to consolidate security data from customers' cloud environments.
The Devo Platform enables security and operations teams to address common use cases including centralized logging, SIEM, compliance, fraud detection, and more. The Platform includes tightly integrated applications for security and IT teams.
Datadog Cloud SIEM detects real-time threats to your cloud environment, unifying DevOps and security teams in one platform.
Elastic Security integrates with Amazon Security Lake arming SecOps teams to protect, detect, and respond at scale.
Gain instantaneous compliance automation, prioritization of security findings, and tailored patches. HTCD can query Amazon Security Lake to help you uncover threats with natural language queries and AI-driven insights.
QRadar SIEM with UAX integrates Amazon Security Lake in an analytics platform that identifies and prevents threats across hybrid cloud.
New Relic is an observability platform built to help engineers create more perfect software. From monoliths to serverless, you can instrument everything, then analyze, troubleshoot, and optimize your entire software stack - all from one place.
Palo Alto Networks provides a broad portfolio of security solutions purpose built for AWS.
Panther supports ingesting Amazon Security Lake logs for use in detections and search.
Query Federated Search can directly query any Security Lake table via Amazon Athena to support incident response, investigations, threat hunting, and general search across a variety of Observables, Events, and Objects in the OCSF schema
Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches, and correct the underlying causes of attacks.
Labyrinth for Threat Investigations (LTI) provides a comprehensive enterprise-wide approach to threat exploration at scale based on data fusion, with fine-grained security, adaptable workflows and sophisticated reporting. Augment your analysts with LTI’s Security Lake integration including native OCSF schema support. With LTI, analysts can assess, investigate and manage risk across your environments, enriching your investigations with external data sources using Ripjar's RPA workflows and AI based analytics.
Securonix Next-Gen SIEM integrates with Amazon Security Lake, empowering security teams to realize faster data ingestion and expand detection and response.
The Splunk AWS Add-On for Amazon Web Services (AWS) supports ingestion from Amazon Security Lake. This feature enables customers to accelerate threat detection, investigation, and response by subscribing to OCSF formatted data from Amazon Security Lake.
Secure digital transformation: Uncover early threats with actionable insights to reduce investigation and response times.
SOC Prime empowers smart data orchestration, cost-efficient & zero-trust threat hunting, and dynamic attack surface visibility leaving no chance for a breach to go undetected.
Stellar Cyber delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to secure their environments successfully. With the Stellar Cyber Open XDR Platform, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering a 8X improvement in MTTD and an 20X improvement in MTTR.
Swimlane is at the forefront of the security orchestration, automation and response (SOAR) solution market and was founded to deliver scalable security solutions to organizations struggling with alert fatigue, vendor proliferation and chronic staffing shortages.
Threat detection and correlation at speed and scale, built on your security data in Amazon Security Lake.
Faster, more accurate decision making with Tines Automation + Amazon Security Lake.
Torq provides enterprise-scale automation and orchestration with a simple no-code platform.
Gain greater visibility, and conduct streamlined, efficient SecOps with Trellix Helix. Integrate over 1000 Trellix solutions and third-party data sources and products.
Wazuh open source unified XDR and SIEM platform integrates with Amazon Security Lake for extended endpoint and cloud workload protection.
Service partners
Accenture's MxDR integration with Security Lake offers real-time data ingestion, managed anomaly detection, threat hunting, and security operations.
Booz Allen Hamilton enables a modern data-driven approach to cyber security by applying our proven tradecraft to Next-Gen Security which fuses Data and Analytics with the Amazon Security Lake service.
Increase business agility by integrating security early and continuously through design, automation and continuous assurance processes.
The CAE suite of customized analytic and Artificial intelligence / Machine Learning (AI/ML) capabilities automatically provide actionable insights to users based on models that run against the Amazon Security Lake OCSF formatted data.
DXC Technology helps you run mission-critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability across clouds.
The AIsaac MDR platform can consume VPC Flow Logs ingested in OCSF schema in Security Lake and utilizes AI models for detecting threats.
Enabling Security Lake to take control of your Data Sources and Empower Cyber Operations
IBM Cyber Threat Management services seamlessly integrate data and analytics from the Amazon Security Lake platform. This innovation plays a pivotal role, enabling the consolidation of data from diverse sources into a dedicated data lake to detect and respond threats across hybrid cloud.
Infosys Cyber Next ingests events in OCSF schema from Security Lake to provide deep visibility into security events, capability for automated response to contain and remediate security anomalies, intelligence of latest threats that could damage business, proactive vulnerability management, ability to manage security & architecture compliance.
Insbuilt is a firm specialized in Cloud & Analytics Consulting services partner with services for Data Lakes AWS (Analytics) - Lambda AWS - Landing Zone AWS - Migration Discovery AWS - Machine Learning Discovery on AWS - Cloud Migration
Kudelski Security integrates with Amazon Security lake, offering a comprehensive
portfolio of cloud security services to support customers throughout their digital
transformation journey, providing support for safe migration and operations.
Kyndryl is expanding its security capabilities by integrating with Security Lake to provide interoperability of cyber data, threat intelligence, and AI-powered analytics.
Leidos is a science and technology solutions leader working to address some of the world’s toughest challenges in the defense, intelligence, homeland security, civil, and healthcare markets.
MegazoneCloud specializes in cloud consulting services and can help you understand how to implement Security Lake in your organization. We connect Security Lake with integrated ISV solutions to build custom tasks, and build customized insights related with customer needs.
PwC’s Cyber, Risk, and Regulatory Practice brings knowledge and expertise to aid clients in
implementing the fusion center to meet their individual needs. Built on Amazon Security Lake, the fusion center provides the ability to combine data from a variety of sources to create a centralized, near real-time view. The dashboard features visualizations, drill-down capabilities, and automated workflows, enabling teams to quickly identify, investigate, and respond to potential risks posed by the ever-evolving threat actors.
SOC Prime empowers smart data orchestration, cost-efficient & zero-trust threat hunting, and dynamic attack surface visibility leaving no chance for a breach to go undetected.
TCS's AWS Business Unit offers innovation, experience, and talent to customers. The AWS-TCS partnership is powered by a decade of joint value creation, deep industry knowledge, technology expertise, and delivery wisdom. This collaboration focuses on delivering full-stack enterprise transformation to the cloud. TCS provides a comprehensive suite of offerings spanning cloud advisory, migration, application and infrastructure modernization, SAP, data and analytics, storage, security, and industry solutions powered with next-generation technologies like AI/ML, Edge/IoT, Serverless, and Low-Code/No-Code.
Wipro is an innovation-led AWS Cloud partner, helping enterprises in their transformation journey across the cloud lifecycle.
Become an AWS Security Lake partner
To become a Security Lake Partner, please send an email to [email protected] with your company and product(s) names, APN tier level, and contact information.
Next Steps
Find an AWS Partner »
Contact an AWS Partner specialist »
Contact an AWS Partner specialist to get help finding and contacting the right partner for your business needs.
Learn more about the APN »
Learn about the benefits of working with AWS Partners, their deep level of expertise, and the partners available for services, products, and solutions.
Become an AWS Partner »
APN Programs support the unique business models of APN members by providing with increased prominence and additional support.