diff --git a/packages/amazon_security_lake/changelog.yml b/packages/amazon_security_lake/changelog.yml
index a33d1eb4d2d..783d2530604 100644
--- a/packages/amazon_security_lake/changelog.yml
+++ b/packages/amazon_security_lake/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.8.1"
+ changes:
+ - description: Improve the handling of `ocsf.resource` for serverless environment in the event data stream.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/16304
 - version: "2.8.0"
 changes:
 - description: Improve documentation to align with new guidelines.
diff --git a/packages/amazon_security_lake/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/amazon_security_lake/data_stream/event/elasticsearch/ingest_pipeline/default.yml
index 04571e011d9..4eb13f8a3ee 100644
--- a/packages/amazon_security_lake/data_stream/event/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/amazon_security_lake/data_stream/event/elasticsearch/ingest_pipeline/default.yml
@@ -83,16 +83,18 @@ processors:
 return null;
 }
 processFields(ctx.ocsf);
- - rename:
- field: ocsf.resource
- target_field: ocsf.resources
- tag: rename_resource_to_resources
- ignore_missing: true
- if: ctx.ocsf?.resources == null
- - append:
- field: ocsf.resources
- value: []
- if: ctx.ocsf?.resources != null
+ - script:
+ description: Append resource to resources.
+ tag: script_ocsf_resources
+ lang: painless
+ if: ctx.ocsf?.resources == null && ctx.ocsf?.resource != null
+ source: |-
+ ctx.ocsf.resources = [ctx.ocsf.resource];
+ ctx.ocsf.remove('resource');
+ on_failure:
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
 - foreach:
 field: ocsf.resources
 ignore_missing: true
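Review bot: The new `- script:` in the default.yml hunk only covers the case where `ocsf.resource` is present and `ocsf.resources` is absent, while the removed `append … value: []` step also coerced an already-present non-array `ocsf.resources` into an array before the `foreach` that follows; nothing in the new code does that, so if the source can ever emit `ocsf.resources` as a single object (not visible from this hunk) it would now reach `foreach` un-normalised. Likewise, if `ocsf.resource` can itself arrive as an array, `[ctx.ocsf.resource]` nests it one level deeper than the old rename did; `ctx.ocsf.resources = ctx.ocsf.resource instanceof List ? ctx.ocsf.resource : [ctx.ocsf.resource];` would keep both shapes flat. The `description: Append resource to resources.` undersells the side effect — the script removes `ocsf.resource` — so `description: Move ocsf.resource into ocsf.resources as a single-element list.` would read more accurately. The `foreach` processor and its body continue outside the hunk.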
diff --git a/packages/amazon_security_lake/manifest.yml b/packages/amazon_security_lake/manifest.yml
index eada76cbb32..462d0094b45 100644
--- a/packages/amazon_security_lake/manifest.yml
+++ b/packages/amazon_security_lake/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.3"
 name: amazon_security_lake
 title: Amazon Security Lake
-version: "2.8.0"
+version: "2.8.1"
 description: Collect logs from Amazon Security Lake with Elastic Agent.
 type: integration
 categories: