Tools for managing AWS Security Lake custom sources
Project description
🔐 security-lake-tools
security-lake-tools is a CLI utility for managing AWS Security Lake custom
sources with OCSF (Open Cybersecurity Schema Framework) support. It creates
custom log sources in Amazon Security Lake for specific OCSF event classes.
✨ Highlights
- 🚀 Create Security Lake custom sources for all OCSF event classes with a single command.
- 🔧 Automatic IAM role creation for AWS Glue crawlers with proper permissions.
- 📋 Built-in OCSF event class mapping—list available classes with --list.
- 🔍 Detailed error messages and troubleshooting guidance for common AWS issues.
📦 Installation
security-lake-tools ships on PyPI. Use uvx to fetch and execute the latest
compatible version on demand:
uvx security-lake-tools --help
uvx downloads the newest release, runs it in an isolated environment, and
caches the result for snappy subsequent invocations.
🛠️ Usage
Prerequisites
- AWS Credentials: Configure via aws configure, SSO, environment variables, or IAM role.
- Security Lake: Ensure Security Lake is enabled in your target region.
- IAM Permissions: Your credentials must be allowed to create IAM roles/policies, Security Lake custom sources, and Glue crawlers.
Create a Custom Source
uvx security-lake-tools create-source \
  --external-id your-external-id \
  --region us-east-1 \
  --account-id 123456789012 \
  --profile production \
  1001
List OCSF Event Classes
uvx security-lake-tools create-source --list
Command-Line Options
security-lake-tools create-source [OPTIONS] CLASS_UID

Arguments:
  CLASS_UID           OCSF class UID (e.g., 1001 for File System Activity)

Options:
  --region            AWS region (default: us-east-1)
  --account-id        AWS account ID (default: auto-detected)
  --external-id       External ID for trust relationship (required)
  --glue-role-arn     ARN of existing Glue service role
  --profile           AWS profile to use
  --no-create-role    Don't auto-create Glue role if missing
  --skip-role-check   Skip Glue role verification
  --list              List all available OCSF class UIDs
  --help              Show help message
IAM Role Management
By default, the tool auto-creates a Glue service role with proper trust
relationships and policies. Use --glue-role-arn to specify an existing role,
or --no-create-role to disable auto-creation.
🤝 Contributing
Want to contribute? We're all-in on agentic coding with Claude Code! The repo comes pre-configured with our custom plugins—just clone and start hacking.
📄 License
security-lake-tools is released under the Apache License, Version 2.0. Consult
LICENSE for the full text.
File details
Details for the file security_lake_tools-1.0.0.tar.gz.
File metadata
- Download URL: security_lake_tools-1.0.0.tar.gz
- Upload date:
- Size: 33.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | bb1aa3b66c5c9693a940e24606b593940311f466bdd592e890b2380cb35dc076 |
| MD5 | 4292b20d81f43af05fac19baa0a18f84 |
| BLAKE2b-256 | 72e6791786ba691215207f940f69a3e73cee2136266fc4018bc27be5ec670237 |
Provenance
The following attestation bundles were made for security_lake_tools-1.0.0.tar.gz:
Publisher: publish.yml on tenzir/security-lake-tools
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: security_lake_tools-1.0.0.tar.gz
  - Subject digest: bb1aa3b66c5c9693a940e24606b593940311f466bdd592e890b2380cb35dc076
- Sigstore transparency entry: 744070434
- Sigstore integration time:
- Permalink: tenzir/security-lake-tools@47c2a7e3f773da423c60ce238fdebf87b172b170
- Branch / Tag: refs/tags/v1.0.0
- Owner: https://github.com/tenzir
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@47c2a7e3f773da423c60ce238fdebf87b172b170
- Trigger Event: release
File details
Details for the file security_lake_tools-1.0.0-py3-none-any.whl.
File metadata
- Download URL: security_lake_tools-1.0.0-py3-none-any.whl
- Upload date:
- Size: 13.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | f93c93000bf646ec2966a8f74286d18decbb3879c196969241744552489437c5 |
| MD5 | 8a3ad4a32d24ec6337989f7ff678f5a9 |
| BLAKE2b-256 | a9ed5520268bdbc9cce1fab3ade5176a30b43cf195566b58262f2e230d1e45f2 |
Provenance
The following attestation bundles were made for security_lake_tools-1.0.0-py3-none-any.whl:
Publisher: publish.yml on tenzir/security-lake-tools
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: security_lake_tools-1.0.0-py3-none-any.whl
  - Subject digest: f93c93000bf646ec2966a8f74286d18decbb3879c196969241744552489437c5
- Sigstore transparency entry: 744070439
- Sigstore integration time:
- Permalink: tenzir/security-lake-tools@47c2a7e3f773da423c60ce238fdebf87b172b170
- Branch / Tag: refs/tags/v1.0.0
- Owner: https://github.com/tenzir
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@47c2a7e3f773da423c60ce238fdebf87b172b170
- Trigger Event: release
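Added example, not part of the project's README or code: a check of a downloaded release file against the SHA256 digests published in the two "File hashes" tables above, plus a pinned requirements line built from the same digests. The function names and the stand-in file in demo() are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# SHA256 digests copied from the "File hashes" tables on this page.
PUBLISHED_SHA256 = {
    "security_lake_tools-1.0.0.tar.gz":
        "bb1aa3b66c5c9693a940e24606b593940311f466bdd592e890b2380cb35dc076",
    "security_lake_tools-1.0.0-py3-none-any.whl":
        "f93c93000bf646ec2966a8f74286d18decbb3879c196969241744552489437c5",
}

def sha256_file(path, chunk_size=1 << 16):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # stream; never load the whole artifact
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_artifact(path, published=PUBLISHED_SHA256):
    """Return (ok, reason). Unknown file names are rejected, not skipped."""
    name = os.path.basename(path)
    expected = published.get(name)
    if expected is None:
        return False, f"{name}: no published digest, refusing"
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, expected.lower()):
        return False, f"{name}: digest mismatch (got {actual})"
    return True, f"{name}: sha256 matches"

def pip_hash_requirement(version="1.0.0", published=PUBLISHED_SHA256):
    """Build a requirements line for pip's hash-checking mode."""
    hashes = " ".join(f"--hash=sha256:{d}" for d in sorted(published.values()))
    return f"security-lake-tools=={version} {hashes}"

def demo():
    """Constructed stand-in file: not the real sdist, so the page digest must fail."""
    with tempfile.TemporaryDirectory() as tmp:
        fake = os.path.join(tmp, "security_lake_tools-1.0.0.tar.gz")
        with open(fake, "wb") as fh:
            fh.write(b"constructed sample bytes, not the real release")
        tampered = verify_artifact(fake)
        good = verify_artifact(fake, {os.path.basename(fake): sha256_file(fake)})
        unknown = verify_artifact(os.path.join(tmp, "other-1.0.0.tar.gz"))
    return tampered, good, unknown

if __name__ == "__main__":
    print(*demo(), pip_hash_requirement(), sep="\n")
```

The line returned by pip_hash_requirement() can be written to a requirements file and installed with pip install --require-hashes -r, which makes pip reject any file whose digest is not listed.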