This talk shows how to use Amazon Security Lake as a centralized security event management system built on SQL-based queries via AWS Athena. Furthermore, we demonstrate how Jupyter notebooks can be used to fast-track threat detection and security incident response. The adversary emulation allows teams to realistically enhance the people, process, and technology aspects of threat detection and incident response.