SecurityLake / Client / get_data_lake_sources
get_data_lake_sources#
- SecurityLake.Client.get_data_lake_sources(**kwargs)#
Retrieves a snapshot of the current Region, including whether Amazon Security Lake is enabled for those accounts and which sources Security Lake is collecting data from.
See also: AWS API Documentation
Request Syntax
response = client.get_data_lake_sources( accounts=[ 'string', ], maxResults=123, nextToken='string' )
- Parameters:
accounts (list) –
The Amazon Web Services account ID for which a static snapshot of the current Amazon Web Services Region, including enabled accounts and log sources, is retrieved.
(string) –
maxResults (integer) – The maximum limit of accounts for which the static snapshot of the current Region, including enabled accounts and log sources, is retrieved.
nextToken (string) –
Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.
Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
- Return type:
dict
- Returns:
Response Syntax
{ 'dataLakeArn': 'string', 'dataLakeSources': [ { 'account': 'string', 'eventClasses': [ 'string', ], 'sourceName': 'string', 'sourceStatuses': [ { 'resource': 'string', 'status': 'COLLECTING'|'MISCONFIGURED'|'NOT_COLLECTING' }, ] }, ], 'nextToken': 'string' }
Response Structure
(dict) –
dataLakeArn (string) –
The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see the Amazon Security Lake User Guide.
dataLakeSources (list) –
The list of enabled accounts and enabled sources.
(dict) –
Amazon Security Lake collects logs and events from supported Amazon Web Services services and custom sources. For the list of supported Amazon Web Services services, see the Amazon Security Lake User Guide.
account (string) –
The ID of the Security Lake account for which logs are collected.
eventClasses (list) –
The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of data that the custom source will send to Security Lake. The supported event classes are:
ACCESS_ACTIVITY
FILE_ACTIVITY
KERNEL_ACTIVITY
KERNEL_EXTENSION
MEMORY_ACTIVITY
MODULE_ACTIVITY
PROCESS_ACTIVITY
REGISTRY_KEY_ACTIVITY
REGISTRY_VALUE_ACTIVITY
RESOURCE_ACTIVITY
SCHEDULED_JOB_ACTIVITY
SECURITY_FINDING
ACCOUNT_CHANGE
AUTHENTICATION
AUTHORIZATION
ENTITY_MANAGEMENT_AUDIT
DHCP_ACTIVITY
NETWORK_ACTIVITY
DNS_ACTIVITY
FTP_ACTIVITY
HTTP_ACTIVITY
RDP_ACTIVITY
SMB_ACTIVITY
SSH_ACTIVITY
CONFIG_STATE
INVENTORY_INFO
EMAIL_ACTIVITY
API_ACTIVITY
CLOUD_API
(string) –
sourceName (string) –
The supported Amazon Web Services services from which logs and events are collected. Amazon Security Lake supports log and event collection for natively supported Amazon Web Services services.
sourceStatuses (list) –
The log status for the Security Lake account.
(dict) –
Retrieves the Logs status for the Amazon Security Lake account.
resource (string) –
Defines path the stored logs are available which has information on your systems, applications, and services.
status (string) –
The health status of services, including error codes and patterns.
nextToken (string) –
Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.
Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
Exceptions