Accelerate incident response with Amazon Security Lake – Part 2

Security Blog



This article discusses how to accelerate incident response using Amazon Security Lake. It is the second part of a two-part series, focusing on the detection and analysis, containment, eradication, and recovery phases of the NIST incident response framework.

Specifically, the article covers:

  • Using Athena to query CloudTrail management events, S3 data events, and Amazon Macie findings in Security Lake to detect and analyze an incident involving an unfamiliar IAM user
  • Disabling the compromised IAM user, restoring deleted data, and revoking access to resources created by the compromised user to contain and eradicate the incident
  • The benefits of using Security Lake as a centralized security data store for accelerating incident response across multiple AWS accounts and services
  • A conclusion highlighting how Security Lake lets security teams analyze security data from multiple sources with analytical tools such as Athena


Related articles

  • May 28, 2024: Accelerate incident response with Amazon Security Lake
  • Jul 24, 2025: AWS Security Incident Response: The customer’s journey to accelerating the incident response lifecycle
  • Mar 26, 2024: Using Amazon Security Lake with New Relic for Threat Detection and Incident Response
  • Feb 27, 2025: Accelerate Security Incident Response and Recovery with AWS Security Incident Response Partners