- Business Applications›
- AWS AppFabric›
- AWS AppFabric FAQs
AWS AppFabric FAQs
General
What is AWS AppFabric?
AppFabric quickly connects software-as-a-service (SaaS) applications across your organization. IT and security teams can then easily manage and secure applications using a standard schema, and employees can complete everyday tasks faster using generative artificial intelligence (AI).
What value does AppFabric security features provide?
AWS AppFabric security features help IT administrators and security analysts enhance their security observability across the SaaS applications their organization uses. Customers do not need to build point-to-point integrations or maintain code with supported SaaS applications, and IT and security teams automatically receive normalized audit logs.
In which AWS Regions is AppFabric available?
AppFabric security features are available in US East (N. Virginia), Asia Pacific (Tokyo), and Europe (Ireland). AWS AppFabric productivity features are available in preview in US East (N. Virginia). For a list of the supported AWS AppFabric Regions, see Regions details in our documentation.
Supported SaaS applications
Which SaaS applications integrate with AppFabric?
AppFabric integrates with SaaS applications including Asana, Atlassian Jira suite, Dropbox, Miro, Okta, ServiceNow, Slack, Smartsheet, Webex by Cisco, Zendesk, Zoom, Google Workspace, GitHub, and Microsoft 365 with more coming soon. AppFabric is also compatible with security tools including Logz.io, Netskope, Netwitness, Rapid7, and Splunk with more coming soon. Learn more on the AWS AppFabric Supported Applications page.
Billing and pricing
How much does AppFabric for security cost?
AppFabric is a pay-as-you go service with no minimums or monthly contracts. For the latest pricing information, see AWS AppFabric Pricing.
What is included with the AppFabric Free Tier?
As part of AWS Free Tier, AppFabric does not charge for the first two applications selected during the first 30 days of use. For the latest information on the Free Tier, see AWS AppFabric Pricing.
AppFabric security features
How do I get started with AppFabric security features?
To get started with AppFabric security features, start by creating an AWS account. Then, navigate to the AWS Management Console and search for AWS AppFabric. Select AppFabric and follow the getting started guide in the console, or refer to the Getting Started Guide in the AppFabric documentation for step-by-step instructions.
How do I connect my SaaS applications to AppFabric?
From the AWS Management Console, authorize AppFabric to securely interact with the SaaS applications of your choice by providing the necessary credentials and authorization tokens for each application. Follow the AppFabric application authorization documentation for application-specific guidance when providing credentials.
Where is audit log data stored?
Admins can ingest aggregated security data into Amazon Simple Storage Service (Amazon S3) or through Amazon Kinesis Data Firehose to their security tool. From Kinesis Data Firehose, customers can also deliver this data to Amazon Security Lake. Customers can then either consume the aggregated data directly or through a supported security tool like Splunk, Netwitness, or Rapid7. When using AppFabric to ingest normalized audit logs into Amazon S3 or Amazon Kinesis, customers are charged standard data storage and ingestion rates based on the volume of log data. For more information, see AWS AppFabric Pricing.
Which types of schema and formats are supported for audit logs?
AppFabric can provide both normalized and unnormalized SaaS data. For normalized logs schema, AppFabric uses the Open Cybersecurity Schema Framework (OCSF). Data formats supported include JSON and Apache Parquet.
How does AppFabric use the Open Cybersecurity Schema Framework (OCSF)?
The OCSF is a collaborative open-source schema for security logs and events. It includes a vendor-agnostic data taxonomy that reduces the need to normalize security logs and event data across various products, services, and open-source tools. AppFabric worked with the OCSF community to introduce new SaaS-specific schema components, such as a new event category, event classes, and fields, so that the OCSF can be used to normalize SaaS application events. AppFabric uses the OCSF to create a new schema tailored specifically to address customers’ need for observability of their SaaS portfolio.
How do I send normalized data from AppFabric to supported security tools?
AppFabric aggregates, normalizes, and enriches audit log data from SaaS applications like Asana, Slack, and Zoom. Data is sent to either Amazon S3 or through Kinesis to a security tool like Splunk, Netwitness, or a proprietary security solution. Read more about the security tools supported by AppFabric in the AWS AppFabric User Guide.
How often are normalized audit logs ingested?
AppFabric ingests and normalizes audit log data from authorized SaaS applications every two minutes. Customers cannot configure the ingestion frequency at this time.
Does AppFabric have a service level agreement (SLA) that guarantees performance for supported SaaS applications?
No. While we have an SLA for the availability of the AppFabric service, we do not have any similar guarantees for the SaaS applications available on AppFabric. AppFabric uses the APIs provided by supported SaaS applications, and the AppFabric SLA and performance depend on their SLA and API characteristics, such as throttling and schema. Some operations, such as ingesting and enriching audit log files, require numerous APIs, so they might take longer to complete.
For which applications does AppFabric show user access results?
AppFabric shows if a user has an account for all SaaS applications authorized inside AppFabric. If a user is found to have an account inside an application, a “User is found” result is shown. If a user is not found in the AppFabric authorized application, a “User not found” result is shown. If there were any authorization issues with a specific application, an error message will be shown.
What other user information does AppFabric show?
With the User Access feature, AppFabric shows if a user has an account in a SaaS application authorized inside AppFabric. Additionally, AppFabric shows any user status, such as Active and Suspended, that a user might have in the SaaS application. AppFabric does not modify this user status, and it is visible only if the SaaS application makes this information available.
How do I set up encryption keys?
With AppFabric, application data is always encrypted at rest and in transit. AppFabric uses AWS KMS [SMM1] for encryption of the data at rest and TLS1.2 for the data in transit. Customers can also choose to create or use an existing KMS key for encryption during AppFabric setup.
How does AppFabric protect customer data?
AppFabric encrypts all customer data at rest and in transit. During AppFabric setup, customers can choose an AWS Key Management Service (AWS KMS) key that they manage or use an AWS managed KMS key for encryption. AppFabric uses this encryption key to encrypt customer application authorization credentials and other customer data.
How does AppFabric work with other AWS services?
AppFabric aggregates, normalizes, and enriches audit log data from SaaS applications like Asana, Slack, and Zoom. Data is sent to either Amazon S3 or Amazon Kinesis. From these destinations, customers can ingest application data into a myriad of other AWS services like Amazon Security Lake, Amazon Athena, Amazon Redshift, and Amazon QuickSight. Data from Amazon S3 and Kinesis Data Firehose can also be sent to a security tool like Splunk, Netwitness, or a proprietary security solution.
How does AppFabric work with Amazon Athena?
Athena is a serverless, interactive analytics service built on open-source frameworks, supporting open-table and file formats. Athena provides a simplified, flexible way to analyze petabytes of data where it lives. AppFabric users can analyze audit logs ingested into Amazon S3 from multiple SaaS applications and run advance queries against that data using Athena. To get started, launch Athena from the AWS Management Console, select the Amazon S3 bucket created as a destination for AppFabric audit logs, and create a table from that Amazon S3 bucket data. Once configured, customers can design their preferred table view and run the queries with Athena. Read more about using Amazon Athena and AppFabric in the Amazon S3 User Guide.
How does AppFabric work with Amazon QuickSight?
QuickSight is a business intelligence service that offers insights and data visualization features. Use QuickSight to create custom dashboards and monitor audit logs sourced from AppFabric. Create an Athena table that takes normalized audit logs from the Amazon S3 bucket that you created as a destination for AppFabric. Next, launch QuickSight from the AWS Management Console and add Athena as the data source. See the Amazon QuickSight User Guide for details.
How can I use AppFabric with Security Lake to improve my security posture?
You can use Security Lake to centralize control data across sources—including cloud to on-premises and custom sources, infrastructure, and SaaS applications—while choosing the threat detection solution that best meets your needs. Both AppFabric and Security Lake use the OCSF, so your audit logs are normalized into the same schema, across SaaS and non-SaaS data sources. This makes it easier to detect threats or identify anomalies and risks across your entire tech stack.
When should I use AppFabric instead of Amazon AppFlow?
Amazon AppFlow is a managed integration service for exchanging data between external SaaS applications and AWS services. AppFabric removes the complexity of implementing and managing individual data flows between SaaS applications by providing preconfigured integrations with supported SaaS applications and security tools.