Amazon Security Lake

Amazon Security Lake is a Storage output connector. Export vulnerabilities to the Amazon Security Lake in OCSF format.

IP Allowlists

You might need to add the Monad IP range of 34.210.32.104/32 to your Amazon Security Lake allowlist, so Monad can connect to it.

Summary

Amazon Security Lake helps you analyze security data, so you can get a more complete understanding of your security posture across the entire organization. Once you’ve connected an Amazon Security Lake Connector, Monad will automatically transform your data into OCSF format and send it to your Security Lake. Monad makes connecting to your Security Lake easy. The following instructions will help you get started.

Setup Instructions:

  1. Create an Amazon Security Lake on your AWS account.
    • You can find all the setup instructions in Amazons documentation here.
  2. Once you’ve created a Security Lake for your data we can now create your Monad custom source. You can find the Amazon documentation for adding a custom source here.
    • Navigate to the Custom sources tab on the left hand side of the Security Lake page in your console.
    • Select Create custom source on the top right of the page.
    • Give the new data source a name. Something like Monad would be appropriate.
    • Under the OCSF Event class drop down choose Security Finding as this is the data type Monad will be sending.
    • In the AWS account ID field you will put Monad’s AWS account ID which is 271127603659.
    • In the external ID field you will use the external ID provided by monad on the Amazon Security Lake connector settings (see the completed connector setup form image below for reference). - This is your unique monad organizations id.
    • Select create and use a new service account. This will create a service role for your Security Lake to invoke AWS Glue. Then select Create.
    • You will be brought back to the custom sources page, stay on this page as there is information you will need when setting up your Monad connector.
  3. Creating your Monad Security Connector.
    • In your Monad UI select Add Connector in the top right and select Security Lake.
    • Now using the information on the custom sources Security Lake page you can fill out the fields for the connector.
    • Connector Settings:
      • Display Name: This is the name for your connector in the Monad UI.
      • Location: The location field provided by AWS. This is the S3 bucket location.
      • Role ARN: The provider Role ARN given to you by AWS. This is the role that Monad will assume to access your S3 Location.
      • External ID: The external ID you setup when creating your Security Lake. This is required in order for monad to assume the role.
      • Region: The provided region shown on your custom source.
  4. Click Connect.

Sample Completed Connector Setup Form:

Now that you’ve connected the Amazon Security Lake connector, whenever you sync your input connectors, your data is transformed to OCSF format and sent to your Security Lake’s S3 bucket.

AWS Docs for Security Lake custom sources

This page was last modified: 9 Oct 2023