get_datalake_status

SecurityLake.Client.get_datalake_status(**kwargs)

Retrieves a snapshot of the current Region, including whether Amazon Security Lake is enabled for the specified accounts and which sources Security Lake is collecting data from.

See also: AWS API Documentation

Request Syntax

response = client.get_datalake_status(
    accountSet=[
        'string',
    ],
    maxAccountResults=123,
    nextToken='string'
)

Parameters

  • accountSet (list) --

    The Amazon Web Services account IDs for which a static snapshot of the current Amazon Web Services Region, including enabled accounts and log sources, is retrieved.

    • (string) --
  • maxAccountResults (integer) -- The maximum number of accounts for which the static snapshot of the current Region, including enabled accounts and log sources, is retrieved.
  • nextToken (string) --

    Indicates whether more results are available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.

    Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.

Return type

dict

Returns

Response Syntax

{
    'accountSourcesList': [
        {
            'account': 'string',
            'eventClass': 'ACCESS_ACTIVITY'|'FILE_ACTIVITY'|'KERNEL_ACTIVITY'|'KERNEL_EXTENSION'|'MEMORY_ACTIVITY'|'MODULE_ACTIVITY'|'PROCESS_ACTIVITY'|'REGISTRY_KEY_ACTIVITY'|'REGISTRY_VALUE_ACTIVITY'|'RESOURCE_ACTIVITY'|'SCHEDULED_JOB_ACTIVITY'|'SECURITY_FINDING'|'ACCOUNT_CHANGE'|'AUTHENTICATION'|'AUTHORIZATION'|'ENTITY_MANAGEMENT_AUDIT'|'DHCP_ACTIVITY'|'NETWORK_ACTIVITY'|'DNS_ACTIVITY'|'FTP_ACTIVITY'|'HTTP_ACTIVITY'|'RDP_ACTIVITY'|'SMB_ACTIVITY'|'SSH_ACTIVITY'|'CLOUD_API'|'CONTAINER_LIFECYCLE'|'DATABASE_LIFECYCLE'|'CONFIG_STATE'|'CLOUD_STORAGE'|'INVENTORY_INFO'|'RFB_ACTIVITY'|'SMTP_ACTIVITY'|'VIRTUAL_MACHINE_ACTIVITY',
            'logsStatus': [
                {
                    'healthStatus': 'ACTIVE'|'DEACTIVATED'|'PENDING',
                    'pathToLogs': 'string'
                },
            ],
            'sourceType': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • accountSourcesList (list) --

      The list of enabled accounts and enabled sources.

      • (dict) --

        Amazon Security Lake collects logs and events from supported Amazon Web Services and custom sources. For the list of supported Amazon Web Services, see the Amazon Security Lake User Guide.

        • account (string) --

          The ID of the Security Lake account for which logs are collected.

        • eventClass (string) --

          Initializes a new instance of the Event class.

        • logsStatus (list) --

          The log status for the Security Lake account.

          • (dict) --

            The logs status for the Amazon Security Lake account.

            • healthStatus (string) --

              The health status of services, including error codes and patterns.

            • pathToLogs (string) --

              The path where the stored logs are available. These logs contain information on your systems, applications, and services.

        • sourceType (string) --

          The supported Amazon Web Services from which logs and events are collected. Amazon Security Lake supports log and event collection for natively supported Amazon Web Services.

    • nextToken (string) --

      Indicates whether more results are available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.

      Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.

Exceptions

  • SecurityLake.Client.exceptions.InternalServerException
  • SecurityLake.Client.exceptions.ValidationException
  • SecurityLake.Client.exceptions.AccessDeniedException
  • SecurityLake.Client.exceptions.AccountNotFoundException
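
Example (added here, not part of the AWS documentation): following nextToken across pages while repeating all other arguments, then listing every source whose healthStatus is not ACTIVE, which is the usual log-coverage check. The client argument is any object exposing get_datalake_status as documented above; FakeClient, the account IDs, source types, S3 paths and tokens are constructed so the example runs offline.

```python
def iter_account_sources(client, account_set=None, page_size=50):
    """Yield every accountSourcesList entry, following nextToken to the last page."""
    kwargs = {"maxAccountResults": page_size}
    if account_set:
        kwargs["accountSet"] = list(account_set)
    token = None
    while True:
        # Only nextToken changes between calls; every other argument is repeated.
        call = dict(kwargs, nextToken=token) if token else dict(kwargs)
        page = client.get_datalake_status(**call)
        yield from page.get("accountSourcesList", [])
        token = page.get("nextToken")
        if not token:
            return


def collection_gaps(client, account_set=None):
    """Return (account, sourceType, healthStatus, pathToLogs) for each non-ACTIVE log status."""
    gaps = []
    for src in iter_account_sources(client, account_set):
        for status in src.get("logsStatus", []):
            if status.get("healthStatus") != "ACTIVE":
                gaps.append((src.get("account"), src.get("sourceType"),
                             status.get("healthStatus"), status.get("pathToLogs")))
    return gaps


class FakeClient:
    """Constructed stand-in for the SecurityLake client so the example runs offline."""
    # Account IDs, source types, paths and tokens below are constructed sample values.
    PAGES = {
        None: {"accountSourcesList": [
            {"account": "111111111111", "sourceType": "CLOUD_TRAIL", "eventClass": "CLOUD_API",
             "logsStatus": [{"healthStatus": "ACTIVE", "pathToLogs": "s3://example-lake/cloudtrail/"}]},
            {"account": "111111111111", "sourceType": "VPC_FLOW", "eventClass": "NETWORK_ACTIVITY",
             "logsStatus": [{"healthStatus": "PENDING", "pathToLogs": "s3://example-lake/vpcflow/"}]},
        ], "nextToken": "token-page-2"},
        "token-page-2": {"accountSourcesList": [
            {"account": "222222222222", "sourceType": "ROUTE53", "eventClass": "DNS_ACTIVITY",
             "logsStatus": [{"healthStatus": "DEACTIVATED", "pathToLogs": "s3://example-lake/route53/"}]},
        ]},
    }

    def __init__(self):
        self.calls = []

    def get_datalake_status(self, **kwargs):
        self.calls.append(kwargs)
        return self.PAGES[kwargs.get("nextToken")]
```

With a real client, pass it in place of FakeClient(); an expired token (older than 24 hours) means restarting the iteration from the first page.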