We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.
If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”
Customize cookie preferences
We use cookies and similar tools (collectively, "cookies") for the following purposes.
Essential
Essential cookies are necessary to provide our site and services and cannot be deactivated. They are usually set in response to your actions on the site, such as setting your privacy preferences, signing in, or filling in forms.
Performance
Performance cookies provide anonymous statistics about how customers navigate our site so we can improve site experience and performance. Approved third parties may perform analytics on our behalf, but they cannot use the data for their own purposes.
Allowed
Functional
Functional cookies help us provide useful site features, remember your preferences, and display relevant content. Approved third parties may set these cookies to provide certain site features. If you do not allow these cookies, then some or all of these services may not function properly.
Allowed
Advertising
Advertising cookies may be set through our site by us or our advertising partners and help us deliver relevant marketing content. If you do not allow these cookies, you will experience less relevant advertising.
Allowed
Blocking some types of cookies may impact your experience of our sites. You may review and change your choices at any time by selecting Cookie preferences in the footer of this site. We and selected third-parties use cookies or similar technologies as specified in the AWS Cookie Notice.
Your privacy choices
We display ads relevant to your interests on AWS sites and on other properties, including cross-context behavioral advertising. Cross-context behavioral advertising uses data from one site or app to advertise to you on a different company’s site or app.
To not allow AWS cross-context behavioral advertising based on cookies or similar technologies, select “Don't allow” and “Save privacy choices” below, or visit an AWS site with a legally-recognized decline signal enabled, such as the Global Privacy Control. If you delete your cookies or visit this site from a different browser or device, you will need to make your selection again. For more information about cookies and how we use them, please read our AWS Cookie Notice.
К сожалению, данный материал на выбранном языке не доступен. Мы постоянно работаем над расширением контента, предоставляемого пользователю на выбранном языке. Благодарим вас за терпение!
Security Insights on AWS creates an automated dashboard based on data stored within Amazon Security Lake, a centralized data lake that aggregates security-related data from various sources. By creating an automated dashboard based on this security data, Chief Information Security Officers (CISOs) and security operations center (SOC) teams can gain visibility into their data, quickly identify threats, and take timely action to enhance their enterprise-wide security.
This AWS Solution also includes an integration with Amazon Q, a natural language processing (NLP) feature within the fully managed Amazon QuickSight business intelligence (BI) service. Amazon Q is pre-configured with common security-related topics where users can ask questions about their data and receive tailored answers, charts, and tables to help them respond to incidents more quickly and reduce security vulnerabilities.
Benefits
Enhanced security insights
Gain visibility into an organization’s security landscape, facilitating compliance with industry standards.
Preconfigured dashboard widgets
Streamline setup, query, and visualization tasks by deploying ready-to-use widgets.
Integrated generative BI
Generate charts and insights based on security data with Amazon Q in QuickSight.
Improved SaaS data observability
Enhance observability by enabling AWS AppFabric to ingest normalized audit log data from third-party software-as-a-service (SaaS) applications and create predefined widgets.
Step 4 To run the queries for the QuickSight datasets, this solution creates an Amazon Athena workgroup and executes the queries within this workgroup. As part of this setup, this solution:
b) Creates an Amazon CloudWatch alarm for the Athena workgroup. Users can set this threshold when deploying the CloudFormation template. If this solution exceeds the configured threshold, the CloudWatch alarm invokes an action to send an Amazon Simple Notification Service (Amazon SNS) notification to the provided email address.
Manage QuickSight users
Step 5 To provide different levels of access to the QuickSight analysis and dashboard, this solution provisions two QuickSight user groups with read and admin permissions.
Step 6 To view the QuickSight analysis and dashboard insights for specific data sources, you must enable those data sources after launching this solution.
Create permissions
Step 1 To set up the permissions needed to visualize the data from Amazon Security Lake, this solution:
Step 2 To provide the necessary datasets for the QuickSight widgets, this solution provisions the required QuickSight datasets.
Create refresh schedules
Step 3 To set the refresh schedule for the QuickSight datasets, this solution provisions the datasets with the schedule provided as an input to the CloudFormation template.
Create Athena workgroup
Step 4 To run the queries for the QuickSight datasets, this solution creates an Amazon Athena workgroup and executes the queries within this workgroup. As part of this setup, this solution:
b) Creates an Amazon CloudWatch alarm for the Athena workgroup. Users can set this threshold when deploying the CloudFormation template. If this solution exceeds the configured threshold, the CloudWatch alarm invokes an action to send an Amazon Simple Notification Service (Amazon SNS) notification to the provided email address.
Manage QuickSight users
Step 5 To provide different levels of access to the QuickSight analysis and dashboard, this solution provisions two QuickSight user groups with read and admin permissions.
Step 6 To view the QuickSight analysis and dashboard insights for specific data sources, you must enable those data sources after launching this solution.
Create permissions
Step 1 To set up the permissions needed to visualize the data from Amazon Security Lake, this solution:
Step 2 To provide the necessary datasets for the QuickSight widgets, this solution provisions the required QuickSight datasets.
Create refresh schedules
Step 3 To set the refresh schedule for the QuickSight datasets, this solution provisions the datasets with the schedule provided as an input to the CloudFormation template.
Step 4 To run the queries for the QuickSight datasets, this solution creates an Amazon Athena workgroup and executes the queries within this workgroup. As part of this setup, this solution:
b) Creates an Amazon CloudWatch alarm for the Athena workgroup. Users can set this threshold when deploying the CloudFormation template. If this solution exceeds the configured threshold, the CloudWatch alarm invokes an action to send an Amazon Simple Notification Service (Amazon SNS) notification to the provided email address.
Manage QuickSight users
Step 5 To provide different levels of access to the QuickSight analysis and dashboard, this solution provisions two QuickSight user groups with read and admin permissions.
Step 6 To view the QuickSight analysis and dashboard insights for specific data sources, you must enable those data sources after launching this solution.
Create permissions
Step 1 To set up the permissions needed to visualize the data from Amazon Security Lake, this solution:
Step 2 To provide the necessary datasets for the QuickSight widgets, this solution provisions the required QuickSight datasets.
Create refresh schedules
Step 3 To set the refresh schedule for the QuickSight datasets, this solution provisions the datasets with the schedule provided as an input to the CloudFormation template.
Create Athena workgroup
Step 4 To run the queries for the QuickSight datasets, this solution creates an Amazon Athena workgroup and executes the queries within this workgroup. As part of this setup, this solution:
b) Creates an Amazon CloudWatch alarm for the Athena workgroup. Users can set this threshold when deploying the CloudFormation template. If this solution exceeds the configured threshold, the CloudWatch alarm invokes an action to send an Amazon Simple Notification Service (Amazon SNS) notification to the provided email address.
Manage QuickSight users
Step 5 To provide different levels of access to the QuickSight analysis and dashboard, this solution provisions two QuickSight user groups with read and admin permissions.
Step 6 To view the QuickSight analysis and dashboard insights for specific data sources, you must enable those data sources after launching this solution.
Create permissions
Step 1 To set up the permissions needed to visualize the data from Amazon Security Lake, this solution:
Step 2 To provide the necessary datasets for the QuickSight widgets, this solution provisions the required QuickSight datasets.
Create refresh schedules
Step 3 To set the refresh schedule for the QuickSight datasets, this solution provisions the datasets with the schedule provided as an input to the CloudFormation template.
Related content
Amazon Security Lake
Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to automatically centralize security data from AWS environments, SaaS providers, on premises, cloud sources, and third-party sources into a purpose-built data lake that's stored in your AWS account.
AWS AppFabric quickly connects SaaS applications across your organization. IT and security teams can then easily manage and secure applications using a standard schema, and employees can complete everyday tasks faster using generative AI.
Build a security monitoring solution with AWS AppFabric and Amazon Security Lake
This blog post demonstrates how to use AWS AppFabric to connect your SaaS applications, normalize and transport your audit logs to Amazon Security Lake, and analyze your SaaS logs using Amazon QuickSight.
Democratizing Security Data with Amazon Security Lake and Industry Leaders for Improved Protection
Explore how Amazon Security Lake and AWS Partners can help you address enterprise security data challeneges for a more accurate analysis and effective protection.