Good points, I'm building an open source security lake platform for AWS (<a href="https://github.com/matanolabs/matano" rel="nofollow">https://github.com/matanolabs/matano</a>) that lets you ingest petabytes of data and write detections as code, all in your AWS account. We take an IaaC approach so everything from config to detections is managed as code in Git.