New Relic infrastructure integrations include an integration for AWS Security Lake, allowing you to send your security log data to New Relic.
Collect and send telemetry data to New Relic from Security Lake using our integration. You can use this integration to monitor your services, query incoming data, and build dashboards to observe everything at a glance.
To enable this integration, set up an S3 log forwarder. We suggest using our serverless forwarder application for ease and convenience, but you can also set up your own.
You have two options for Security Lake monitoring setup. You can consolidate multiple regions to avoid repeating steps, or you can set it up on a per-region basis. For more details, see managing multiple regions.
Before enabling this integration, first make sure these steps are completed for Security Lake:
- Complete the steps mentioned in the Amazon Security Lake Getting started guide.
- Complete the prerequisites to setting up a subscriber with data access by following the steps in the Security Lake subscriber guide.
Here's an overview of the steps you'll be doing:
- Create a Security Lake subscriber.
- Install our dedicated Amazon Security Lake log forwarder.
- Find and use your log data.
Navigate to the Security Lake feature in your AWS Console.
Select Subscribers, and select Create Subscriber.
Give the subscriber a name and select a region.
Select which log and event sources you want sent to New Relic.
Fill out the remaining details as described below:
Data access method
Insert the AWS account ID where you plan on installing the New Relic-provided serverless application.
Insert your New Relic Account ID. For more info, see externalID.
From the Subscriber details page, copy your AWS role ID and Subscription endpoint ARNs. You will need them for the next step.
To install the log forwarder:
- Open the AWS Serverless Application Repository in your browser.
- Search for newrelic and check Show apps that create custom IAM roles or resource policies to find the
- Click the newrelic-securitylake-s3-processor-LogForwarder details, and click Deploy.
- Copy/paste the AWS role ID ARN from the previous step into the
- Copy/paste the Subscription endpoint ARN from the previous step into the
- Input the ExternalID that you added in the previous step.
- Input your into the
- Acknowledge and select Deploy.
For more details on this, see our Amazon Security Lake log forwarder docs.
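A sanity check for the three values pasted into the forwarder form, added here as an example and not New Relic's own code. It assumes the subscription endpoint is an SQS queue ARN and that the role and queue belong to the same AWS account; the function names and sample ARNs are constructed.

```python
import re

# AWS ARN layout: arn:partition:service:region:account-id:resource
ARN_RE = re.compile(
    r"^arn:(aws|aws-us-gov|aws-cn):([a-z0-9-]+):([a-z0-9-]*):(\d{12}):(.+)$")

def parse_arn(value):
    """Split an ARN into its fields, or return None if it is malformed."""
    m = ARN_RE.match(value.strip())
    if not m:
        return None
    keys = ("partition", "service", "region", "account", "resource")
    return dict(zip(keys, m.groups()))

def check_forwarder_inputs(role_arn, endpoint_arn, external_id):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    role, endpoint = parse_arn(role_arn), parse_arn(endpoint_arn)
    if role is None:
        problems.append("role ARN is not a well-formed ARN")
    elif role["service"] != "iam" or not role["resource"].startswith("role/"):
        problems.append("role ARN does not name an IAM role (fields swapped?)")
    if endpoint is None:
        problems.append("subscription endpoint is not a well-formed ARN")
    elif endpoint["service"] != "sqs":  # assumption: endpoint is an SQS queue
        problems.append("subscription endpoint is not an SQS queue ARN")
    elif not endpoint["region"]:
        problems.append("subscription endpoint ARN has no region")
    if role and endpoint and role["account"] != endpoint["account"]:
        # assumption: both resources are created in the Security Lake account
        problems.append("role and endpoint belong to different AWS accounts")
    if not re.fullmatch(r"\d+", external_id.strip()):
        problems.append("external ID is not a numeric New Relic account ID")
    return problems

# Constructed sample values, not real resources.
ROLE = "arn:aws:iam::111122223333:role/ExampleSecurityLakeSubscriberRole"
QUEUE = "arn:aws:sqs:us-east-1:111122223333:ExampleSecurityLakeQueue"

if __name__ == "__main__":
    # The two ARNs are deliberately pasted into the wrong fields here.
    for issue in check_forwarder_inputs(QUEUE, ROLE, "1234567"):
        print("WARN:", issue)
```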
To find your logs on New Relic, go to one.newrelic.com > All capabilities > Logs and set Attributes to product.name, and then choose the log source you want.
The following log sources are currently supported:
Amazon Security Lake uses the OCSF Schema for its logs.
Here are attributes you can find in Security Lake logs:
To learn more about how to use your data, see understand integration data.
You can set up alerts to notify you of breaking changes. For example, an alert can be set up to notify relevant parties of critical or fatal errors.
Learn more about creating alerts.
Read more about New Relic AWS integrations: