Since organizations around the globe began investing more aggressively in their digital transformation by migrating and modernizing applications within the cloud, the value of audit logging has shifted. It has expanded from industries like finance and healthcare to nearly any company with a digital strategy. Comprehensive audit logging enables modern organizations to ensure compliance with internal and industry regulations, audit security events, troubleshoot system issues, and even recommend new administrative procedures.

As a result, AWS has built a service called AWS CloudTrail Lake, a managed security and audit data lake that allows users to aggregate, immutably store, and query events submitted by third-parties such as Snyk, all backed by a 7-year default retention policy to help them meet both internal and external compliance requirements.

Here at Snyk, we’re excited to announce our own integration with AWS CloudTrail Lake that empowers customers to simplify and streamline the process of consolidating audit events. This provides auditors and security practitioners an enhanced view of their Snyk audit activity across all their environments and applications. 

Using AWS CloudTrail Lake, customers can ingest and analyze events from AWS and third-party sources like Snyk to streamline auditing and security investigations, as well as any operational troubleshooting that might be necessary.

Snyk has an audit log endpoint today that allows users to retrieve their audit logs using HTTP and the Snyk API. Customers can use this API to help retroactively triage any unexpected activity, understand when a new user is added, or monitor changes in a user’s role to get early warning of any unusual behavior. Snyk will also log an event when a service account is created, modified, or deleted, and will even log an event when someone changes the Snyk license policy.

Using the newly launched PutAuditEvents API for CloudTrail Lake, customers can now capture and consolidate all user activity and audit events from Snyk, eliminating the need for separate data processing pipelines that span across teams and products. The API also provides an integrated SQL experience that allows users to more easily query data from AWS CloudTrail. CloudTrail Lake will even provide sample queries to help customers get started with writing queries for common scenarios to help accelerate audits.

Joint customers of Snyk and AWS can easily activate this integration by navigating directly to the AWS CloudTrail Lake console, where they’ll be guided step by step on how to stream events from Snyk so that they can analyze and respond to a consolidated view of security activity across their application fleet!

The diagram below provides an architectural overview.

Snyk and AWS

As an Advanced Technology Partner with AWS, and a recipient of several AWS Competencies (including AWS Security Competency) and AWS Service Ready validations, Snyk partners closely with AWS to provide seamless integrations into AWS services across the application lifecycle, making it easy for customers to automate security controls across the SDLC when building applications using AWS services.

Discuss this blog on Discord

Join the DevSecOps Community on Discord to discuss this topic and more with other security-focused practitioners.