This article explains how to use Amazon SageMaker to generate machine learning insights from Security Lake data, focusing on Security Hub findings.

• Security Lake centralizes security logs from AWS and third-party services for analysis
• SageMaker Studio provides Python notebooks for data scientists to analyze Security Lake data
• Solution includes five notebooks: environment setup, data loading, trend detection, outlier detection, and change point detection
• Deploy via CloudFormation or AWS CDK in subscriber AWS account with proper permissions
• Trend detection identifies directional changes in security findings over time
• Outlier detection uses seasonal decomposition to find abnormal patterns in data
• Change point detection identifies persistent shifts in average finding counts
• Generated insights help identify security issues like data exfiltration or ransomware events

This solution enables security teams to interactively create tailored ML insights specific to their AWS environment without replacing GuardDuty or Detective.