Amazon Security Lake
Amazon Security Lake is a Storage output connector. Export vulnerabilities to the Amazon Security Lake in OCSF format.
You might need to add the Monad IP range of
22.214.171.124/32 to your Amazon Security Lake allowlist, so Monad can connect to it.
Amazon Security Lake helps you analyze security data, so you can get a more complete understanding of your security posture across the entire organization. Once you’ve connected an Amazon Security Lake Connector, Monad will automatically transform your data into OCSF format and send it to your Security Lake. Monad makes connecting to your Security Lake easy. The following instructions will help you get started.
- Create an Amazon Security Lake on your AWS account.
- You can find all the setup instructions in Amazons documentation here.
- Once you’ve created a Security Lake for your data we can now create your Monad
custom source. You can find the Amazon documentation for adding a custom source here.
- Navigate to the Custom sources tab on the left hand side of the Security Lake page in your console.
Create custom sourceon the top right of the page.
- Give the new data source a name. Something like
Monadwould be appropriate.
- Under the OCSF Event class drop down choose
Security Findingas this is the data type Monad will be sending.
- In the AWS account ID field you will put Monad’s AWS account ID which is
- In the external ID field you will use the external ID provided by monad on the Amazon Security Lake connector settings (see the completed connector setup form image below for reference). - This is your unique monad organizations id.
create and use a new service account. This will create a service role for your Security Lake to invoke AWS Glue. Then select
- You will be brought back to the custom sources page, stay on this page as there is information you will need when setting up your Monad connector.
- Creating your Monad Security Connector.
- In your Monad UI select
Add Connectorin the top right and select
- Now using the information on the
custom sourcesSecurity Lake page you can fill out the fields for the connector.
- Connector Settings:
- Display Name: This is the name for your connector in the Monad UI.
- Location: The location field provided by AWS. This is the S3 bucket location.
- Role ARN: The provider Role ARN given to you by AWS. This is the role that Monad will assume to access your S3 Location.
- External ID: The external ID you setup when creating your Security Lake. This is required in order for monad to assume the role.
- Region: The provided region shown on your custom source.
- In your Monad UI select
- Click Connect.
Sample Completed Connector Setup Form:
Now that you’ve connected the Amazon Security Lake connector, whenever you sync your input connectors, your data is transformed to OCSF format and sent to your Security Lake’s S3 bucket.
This page was last modified: 9 Oct 2023