SecurityLake / Paginator / GetDataLakeSources

GetDataLakeSources#

class SecurityLake.Paginator.GetDataLakeSources#

paginator = client.get_paginator('get_data_lake_sources')

paginate(**kwargs)#

Creates an iterator that will paginate through responses from SecurityLake.Client.get_data_lake_sources().

Request Syntax

response_iterator = paginator.paginate(
    accounts=[
        'string',
    ],
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)

Parameters:

accounts (list) –
The Amazon Web Services account ID for which a static snapshot of the current Amazon Web Services Region, including enabled accounts and log sources, is retrieved.
- (string) –
PaginationConfig (dict) –
A dictionary that provides parameters to control pagination.
- MaxItems (integer) –
  
  The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
- PageSize (integer) –
  
  The size of each page.
- StartingToken (string) –
  
  A token to specify where to start paginating. This is the NextToken from a previous response.

Return type:

dict

Returns:

Response Syntax

{
    'dataLakeArn': 'string',
    'dataLakeSources': [
        {
            'account': 'string',
            'eventClasses': [
                'string',
            ],
            'sourceName': 'string',
            'sourceStatuses': [
                {
                    'resource': 'string',
                    'status': 'COLLECTING'|'MISCONFIGURED'|'NOT_COLLECTING'
                },
            ]
        },
    ],
    'NextToken': 'string'
}

Response Structure

(dict) –
- dataLakeArn (string) –
  
  The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see the Amazon Security Lake User Guide.
- dataLakeSources (list) –
  
  The list of enabled accounts and enabled sources.
  - (dict) –
    
    Amazon Security Lake collects logs and events from supported Amazon Web Services and custom sources. For the list of supported Amazon Web Services, see the Amazon Security Lake User Guide.
    - account (string) –
      
      The ID of the Security Lake account for which logs are collected.
    - eventClasses (list) –
      
      The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of data that the custom source will send to Security Lake. The supported event classes are:
      - ACCESS_ACTIVITY
      - FILE_ACTIVITY
      - KERNEL_ACTIVITY
      - KERNEL_EXTENSION
      - MEMORY_ACTIVITY
      - MODULE_ACTIVITY
      - PROCESS_ACTIVITY
      - REGISTRY_KEY_ACTIVITY
      - REGISTRY_VALUE_ACTIVITY
      - RESOURCE_ACTIVITY
      - SCHEDULED_JOB_ACTIVITY
      - SECURITY_FINDING
      - ACCOUNT_CHANGE
      - AUTHENTICATION
      - AUTHORIZATION
      - ENTITY_MANAGEMENT_AUDIT
      - DHCP_ACTIVITY
      - NETWORK_ACTIVITY
      - DNS_ACTIVITY
      - FTP_ACTIVITY
      - HTTP_ACTIVITY
      - RDP_ACTIVITY
      - SMB_ACTIVITY
      - SSH_ACTIVITY
      - CONFIG_STATE
      - INVENTORY_INFO
      - EMAIL_ACTIVITY
      - API_ACTIVITY
      - CLOUD_API
      - (string) –
    - sourceName (string) –
      
      The supported Amazon Web Services from which logs and events are collected. Amazon Security Lake supports log and event collection for natively supported Amazon Web Services.
    - sourceStatuses (list) –
      
      The log status for the Security Lake account.
      - (dict) –
        
        Retrieves the Logs status for the Amazon Security Lake account.
        
        resource (string) –
        
        Defines path the stored logs are available which has information on your systems, applications, and services.
        
        status (string) –
        
        The health status of services, including error codes and patterns.
- NextToken (string) –
  
  A token to resume pagination.