From 7331e10c4340a67924f09f22b261249a2b75c1a0 Mon Sep 17 00:00:00 2001
From: debugactiveprocess <49375302+debugactiveprocess@users.noreply.github.com>
Date: Sat, 8 Mar 2025 09:43:16 -0300
Subject: [PATCH] Create RA_1129_query_security_logs_in_datalake.yml

suggestion for using data lake
---
 ...RA_1129_query_security_logs_in_datalake.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 response_actions/RA_1129_query_security_logs_in_datalake.yml

diff --git a/response_actions/RA_1129_query_security_logs_in_datalake.yml b/response_actions/RA_1129_query_security_logs_in_datalake.yml
new file mode 100644
index 00000000..7666579e
--- /dev/null
+++ b/response_actions/RA_1129_query_security_logs_in_datalake.yml
@@ -0,0 +1,18 @@
+title: RA_1129_query_security_logs_in_datalake
+id: RA1129
+description: >
+ Utilize a Data Lake platform to query historical security logs for investigation and analysis.
+author: 'Ialle Teixeira'
+creation_date: 2025/03/08
+stage: preparation
+references:
+ - https://en.wikipedia.org/wiki/Data_lake
+ - https://www.sqltutorial.org/
+ - https://duckdb.org/docs/stable/
+ - https://www.dremio.com/wiki/
+requirements:
+ - MS_datalake_platform
+ - DN_security_logs
+workflow: |
+ Ensure access to a Data Lake platform where historical security logs are stored.
+ Use SQL queries to extract relevant data for security investigations, anomaly detection, and incident response.
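Review bot: The `workflow` block is too generic to be actionable as a response action — it says to ensure access and to "use SQL queries", but names no inputs (which log sources or tables, the time window, the host/user/IP pivot) and no output handling. Two defender-side points belong there as well: analyst query activity against the lake should itself be logged and scoped to least privilege, and exported results may contain sensitive data, so add a line such as `Record who ran which query and when; restrict exports of raw log data to the investigation case.` `stage: preparation` also sits oddly next to a `description` about querying logs for investigation and incident response — either identification is the intended stage, or the description should say this action only establishes access. `requirements` lists `MS_datalake_platform` and `DN_security_logs`; if the project resolves these IDs to existing entries, confirm both exist before merging.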