Getting Started with the Security Data Lake
    • 12 Nov 2024


    The Red Canary Security Data Lake is a managed data storage solution built for security practitioners. Ingest data from a wide range of security solutions, store your high-volume security logs for as long as you want, and retrieve them when you need them.

    Benefits

    1. Meet long-term data retention compliance requirements with a more cost-effective solution than a SIEM.

    2. Enjoy the scalability and flexibility to accommodate a wide and growing volume of data without needing to manage your data lake infrastructure.

    3. Gain visibility into your security data and enrich internal investigations.

    How does it work?

    The Red Canary Security Data Lake is an annual subscription product that can be purchased as an add-on for Red Canary Managed Detection & Response (MDR) subscriptions. Once your license is activated, you will be able to access the Security Data Lake functionality from your Red Canary portal.

    To connect your external data sources to the Security Data Lake, you will need to configure some integrations. In general, each external data source will correspond to one integration in your Red Canary portal. Refer to the Integrate Your Security Stack articles to learn more.

    Once your integrations are activated in the Red Canary portal, and your external data sources are configured to start forwarding logs to the Security Data Lake, the next step is to validate that data is flowing into the data lake. You can monitor your overall usage from the Usage page, or validate specific logs from the Export page.

