Today, AWS announces the expansion in the log coverage support for Amazon Security Lake, now including AWS Web Application Firewall Logs (AWS WAF). This enhancement allows you to automatically centralize and normalize your AWS WAF web ACL logs in Security Lake. You can easily analyze your log data to determine if a suspicious IP address is interacting with your environment, monitor trends in denied requests to identify new exploitation campaigns, or conduct analytics to determine anomalous successful access by previously blocked hosts. This enables you to monitor and investigate potential suspicious activities in your web applications.
Security Lake automatically centralizes security data from AWS environments, SaaS providers, on premises, and cloud sources into a purpose-built data lake stored in your account. AWS WAF is a web application firewall that enables you to monitor the HTTP(S) requests that are made to your protected web application resource. Today’s announcement of AWS WAF logs coverage further streamlines the collection and management of your security data across accounts and AWS Regions, freeing up time for analyzing security data and improving the protection of your workloads, applications, and data.
Source:: Amazon AWS