
/AWS1/CL_SLK=>CREATECUSTOMLOGSOURCE()

About CreateCustomLogSource

Adds a third-party custom source in Amazon Security Lake, from the Amazon Web Services Region where you want to create a custom source. Security Lake can collect logs and events from third-party custom sources. After creating the appropriate IAM role to invoke the Glue crawler, use this API to add a custom source name in Security Lake. This operation creates a partition in the Amazon S3 bucket for Security Lake as the target location for log files from the custom source. It also creates an associated Glue table and a Glue crawler.

Method Signature

IMPORTING

Required arguments:

IV_SOURCENAME TYPE /AWS1/SLKCUSTOMLOGSOURCENAME

Specify the name for a third-party custom source. This must be a Regionally unique value. The sourceName you enter here is used in the LogProviderRole name, which follows the convention AmazonSecurityLake-Provider-{name of the custom source}-{region}. You must use a CustomLogSource name that is shorter than or equal to 20 characters. This ensures that the LogProviderRole name is below the 64 character limit.

IO_CONFIGURATION TYPE REF TO /AWS1/CL_SLKCUSTOMLOGSRCCONF

The configuration used for the third-party custom source.

Optional arguments:

IV_SOURCEVERSION TYPE /AWS1/SLKCUSTOMLOGSOURCEVRS

Specify the source version for the third-party custom source, to limit log collection to a specific version of the custom data source.

IT_EVENTCLASSES TYPE /AWS1/CL_SLKOCSFEVENTCLLIST_W=>TT_OCSFEVENTCLASSLIST

The Open Cybersecurity Schema Framework (OCSF) event classes that describe the type of data that the custom source will send to Security Lake. For the list of supported event classes, see the Amazon Security Lake User Guide.

RETURNING

OO_OUTPUT TYPE REF TO /AWS1/CL_SLKCRECUSTLOGSRCRSP
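
Added example (not part of the original reference or the SDK's own samples): a wrapper that checks the documented IV_SOURCENAME limits and the resulting LogProviderRole name length before calling the method. The class name LCL_SLK_DEMO, its parameters, and the event class value are assumptions made for illustration; the IO_CONFIGURATION object is built by the caller because its contents are not described on this page.

```abap
CLASS lcl_slk_demo DEFINITION.
  PUBLIC SECTION.
    CLASS-METHODS add_source
      IMPORTING iv_profile       TYPE /aws1/rt_profile_id
                iv_region        TYPE string " assumed to be the Region of the SDK profile
                iv_sourcename    TYPE /aws1/slkcustomlogsourcename
                io_configuration TYPE REF TO /aws1/cl_slkcustomlogsrcconf
      RETURNING VALUE(ro_output) TYPE REF TO /aws1/cl_slkcrecustlogsrcrsp
      RAISING   /aws1/cx_rt_generic
                cx_parameter_invalid_range.
ENDCLASS.

CLASS lcl_slk_demo IMPLEMENTATION.
  METHOD add_source.
    " Role name convention stated in the IV_SOURCENAME description.
    DATA(lv_role) = |AmazonSecurityLake-Provider-{ iv_sourcename }-{ iv_region }|.

    " Reject the request locally if a documented limit is exceeded,
    " instead of discovering it through a failed service call.
    IF strlen( iv_sourcename ) < 1 OR strlen( iv_sourcename ) > 20
       OR strlen( lv_role ) > 64.
      RAISE EXCEPTION TYPE cx_parameter_invalid_range
        EXPORTING
          parameter = 'IV_SOURCENAME'
          value     = CONV string( iv_sourcename ).
    ENDIF.

    DATA(lo_session) = /aws1/cl_rt_session_aws=>create( iv_profile ).
    DATA(lo_slk)     = /aws1/cl_slk_factory=>create( lo_session ).

    " Constructed sample value; take real values from the list of supported
    " event classes in the Amazon Security Lake User Guide.
    DATA lt_classes TYPE /aws1/cl_slkocsfeventcllist_w=>tt_ocsfeventclasslist.
    INSERT NEW /aws1/cl_slkocsfeventcllist_w( |DNS_ACTIVITY| ) INTO TABLE lt_classes.

    " Service and technical errors surface as /aws1/cx_rt_generic subclasses.
    ro_output = lo_slk->createcustomlogsource(
      iv_sourcename    = iv_sourcename
      io_configuration = io_configuration
      it_eventclasses  = lt_classes ).
  ENDMETHOD.
ENDCLASS.
```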
