
SentinelOne announces support for Amazon Security Lake to power cloud investigations

December 2022 by Marc Jacob

SentinelOne announced that SentinelOne Singularity Cloud works with Amazon Security Lake from Amazon Web Services (AWS) to support hunting, threat investigations, and forensics on cloud logs within the SentinelOne Singularity XDR Platform.

Amazon Security Lake is a new service that automatically centralises an organisation’s security data from cloud, on-premises, and custom sources into a customer-owned, purpose-built data lake. Both Singularity Cloud and Amazon Security Lake use the Open Cybersecurity Schema Framework (OCSF) to simplify how logs are ingested, searched, and analysed. As a result, customers can begin investigations without any effort to parse or normalise security logs.

SentinelOne’s Singularity Cloud consists of a Cloud Workload Security (CWS) solution that offers near real-time threat detection and prevention for containers, Kubernetes clusters, and virtual machines. Singularity Cloud protects against cloud threats such as ransomware, crypto mining, and fileless attacks in near real-time using patented behavioural artificial intelligence (AI) and threat intelligence. The platform’s XDR data plane, called Skylight™, enables customers to ingest third-party data sources, such as those from Amazon Security Lake, to support a diverse set of use cases. Threat hunting, investigation, and forensics use cases are easier and more complete with Singularity Cloud’s detailed, natively-collected container and virtual machine (VM) telemetry.

The initial data ingested into Skylight from Amazon Security Lake includes Amazon Virtual Private Cloud (Amazon VPC) flow logs, AWS CloudTrail management events, Amazon Route 53 Resolver query logs, Amazon Simple Storage Service (Amazon S3) data events, AWS Lambda function execution activity, and AWS Security Hub findings.

