Query is excited to announce that we’ve become an Amazon Security Lake Subscriber Partner.

Amazon Security Lake is approaching its one year anniversary of General Availability (GA). Security Lake automatically centralizes an organization’s security data from across their AWS environments, leading SaaS providers, on-premises environments, and cloud sources into a purpose-built data lake. It also uses the Open Cybersecurity Schema Framework (OCSF), making it easier for security teams to automatically collect, combine, and analyze security data.

Query is a federated search solution that enables security professionals to make better data-driven decisions, faster. Query delivers a simple search interface and automatic dashboarding so security personnel – from SOC analysts to threat hunters to security architects and product security specialists – can quickly access, search and gain insights from data stored in Security Lake.

Together, Query and Amazon Security Lake give customers a purpose-built security data lake that aggregates, normalizes and optimizes large volumes of disparate log and event data, along with a search and analytics interface that will feel familiar to security professionals of any skill level. Data remains inside the lake or systems that are integrated with Query and the data is immediately usable, normalized to OCSF, delivering a unified view. The result is faster, more effective security investigations, threat hunting and incident response, along with a more flexible and cost effective data architecture. Query connects with Security Lake, and other data sources, in minutes with read-only access, leaving your data in place. 

Query helps bridge the gap in data analytics and engineering skills that a security team may be working to develop. Users do not need to know how to write SQL or any complex search syntax, how to properly performance-tune queries in Amazon Athena, or keep track of OCSF version changelogs. Query handles those tasks so security staff can concentrate on analysis, decision-making and taking action to improve security outcomes.

Query support for Amazon Security Lake works by creating a query planner and translation engine atop Amazon Athena for every single table in a customer’s Security Lake. Schema introspection is automatically carried out using AWS Glue to determine the table format (Glue or Apache Iceberg), what version of OCSF is in use, and how to best query the tables based on that information. When using Query, SQL statements that include proper predicates, partition information, and time ranges are submitted on the user’s behalf.

Query has pre-built connectors that correspond one-to-one with AWS provided sources in Security Lake. These include AWS CloudTrail Management Events, AWS EKS Audit Logs, Amazon VPC Flow Logs, AWS Security Hub. The identification of table format, OCSF version, and mapping are handled automatically. Query also includes a connector to support any custom source in Security Lake. This connector will identify table format and OCSF version automatically and provide customers with a user interface to specify how their data from custom sources is mapped. Additionally, Query has connectors for over 30 different technologies to quickly expand security data visibility wherever you need it. 

To learn more about how to set up and use Query with Amazon Security Lake, visit our product docs. Query Federated Search is available in the AWS Marketplace and custom pricing is available for customers via Private Offer.