SecurityLake / Client / get_data_lake_sources

get_data_lake_sources#

SecurityLake.Client.get_data_lake_sources(**kwargs)#

Retrieves a snapshot of the current Region, including whether Amazon Security Lake is enabled for those accounts and which sources Security Lake is collecting data from.

See also: AWS API Documentation

Request Syntax

response = client.get_data_lake_sources(
    accounts=[
        'string',
    ],
    maxResults=123,
    nextToken='string'
)
Parameters:
  • accounts (list) –

    The Amazon Web Services account ID for which a static snapshot of the current Amazon Web Services Region, including enabled accounts and log sources, is retrieved.

    • (string) –

  • maxResults (integer) – The maximum limit of accounts for which the static snapshot of the current Region, including enabled accounts and log sources, is retrieved.

  • nextToken (string) –

    Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.

    Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.

Return type:

dict

Returns:

Response Syntax

{
    'dataLakeArn': 'string',
    'dataLakeSources': [
        {
            'account': 'string',
            'eventClasses': [
                'string',
            ],
            'sourceName': 'string',
            'sourceStatuses': [
                {
                    'resource': 'string',
                    'status': 'COLLECTING'|'MISCONFIGURED'|'NOT_COLLECTING'
                },
            ]
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) –

    • dataLakeArn (string) –

      The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see the Amazon Security Lake User Guide.

    • dataLakeSources (list) –

      The list of enabled accounts and enabled sources.

      • (dict) –

        Amazon Security Lake collects logs and events from supported Amazon Web Services services and custom sources. For the list of supported Amazon Web Services services, see the Amazon Security Lake User Guide.

        • account (string) –

          The ID of the Security Lake account for which logs are collected.

        • eventClasses (list) –

          The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of data that the custom source will send to Security Lake. The supported event classes are:

          • ACCESS_ACTIVITY

          • FILE_ACTIVITY

          • KERNEL_ACTIVITY

          • KERNEL_EXTENSION

          • MEMORY_ACTIVITY

          • MODULE_ACTIVITY

          • PROCESS_ACTIVITY

          • REGISTRY_KEY_ACTIVITY

          • REGISTRY_VALUE_ACTIVITY

          • RESOURCE_ACTIVITY

          • SCHEDULED_JOB_ACTIVITY

          • SECURITY_FINDING

          • ACCOUNT_CHANGE

          • AUTHENTICATION

          • AUTHORIZATION

          • ENTITY_MANAGEMENT_AUDIT

          • DHCP_ACTIVITY

          • NETWORK_ACTIVITY

          • DNS_ACTIVITY

          • FTP_ACTIVITY

          • HTTP_ACTIVITY

          • RDP_ACTIVITY

          • SMB_ACTIVITY

          • SSH_ACTIVITY

          • CONFIG_STATE

          • INVENTORY_INFO

          • EMAIL_ACTIVITY

          • API_ACTIVITY

          • CLOUD_API

          • (string) –

        • sourceName (string) –

          The supported Amazon Web Services services from which logs and events are collected. Amazon Security Lake supports log and event collection for natively supported Amazon Web Services services.

        • sourceStatuses (list) –

          The log status for the Security Lake account.

          • (dict) –

            Retrieves the Logs status for the Amazon Security Lake account.

            • resource (string) –

              Defines path the stored logs are available which has information on your systems, applications, and services.

            • status (string) –

              The health status of services, including error codes and patterns.

    • nextToken (string) –

      Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.

      Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.

Exceptions