Overview
Security Insights on AWS creates an automated dashboard based on data stored within Amazon Security Lake, a centralized data lake that aggregates security-related data from various sources. By creating an automated dashboard based on this security data, Chief Information Security Officers (CISOs) and security operations center (SOC) teams can gain visibility into their data, quickly identify threats, and take timely action to enhance their enterprise-wide security.
This AWS Solution also includes an integration with Amazon Q, a natural language processing (NLP) feature within the fully managed Amazon QuickSight business intelligence (BI) service. Amazon Q is pre-configured with common security-related topics where users can ask questions about their data and receive tailored answers, charts, and tables to help them respond to incidents more quickly and reduce security vulnerabilities.
Benefits
Gain visibility into an organization’s security landscape, facilitating compliance with industry standards.
Streamline setup, query, and visualization tasks by deploying ready-to-use widgets.
Generate charts and insights based on security data with Amazon Q in QuickSight.
Enhance observability by enabling AWS AppFabric to ingest normalized audit log data from third-party software-as-a-service (SaaS) applications and create predefined widgets.
Technical details
You can automatically deploy this architecture using the implementation guide and the accompanying AWS CloudFormation template.
Create permissions
Step 1
To set up the permissions needed to visualize the data from Amazon Security Lake, this solution:
a) Adds the AWS Identity and Access Management (IAM) role for the CreateLakeFormationPermissions AWS Lambda function as one of the admins for the Security Lake.
b) Grants Describe and Select permissions on the Security Lake database and AWS Lake Formation data tables for the following principals:
- Service-linked role for Amazon QuickSight
- QuickSight admin user provided as an input parameter to the AWS CloudFormation template
- QuickSight user groups created by this solution
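The check below is an added example, not code from this AWS Solution: it audits grants on the Security Lake database against the Step 1 description, flagging any principal outside the three listed, any permission beyond Describe and Select, and any grant option. It assumes entries shaped like the `PrincipalResourcePermissions` list returned by the Lake Formation ListPermissions API; the database name, account ID, and ARNs are constructed placeholders.

```python
ALLOWED = {"DESCRIBE", "SELECT"}  # the two permissions Step 1 names

def database_of(resource):
    """Database a Database, Table or TableWithColumns resource belongs to."""
    if "Database" in resource:
        return resource["Database"].get("Name")
    for key in ("Table", "TableWithColumns"):
        if key in resource:
            return resource[key].get("DatabaseName")
    return None

def audit_grants(entries, expected, database):
    """Compare grants on `database` with the principals Step 1 lists."""
    findings, seen = [], set()
    for entry in entries:
        if database_of(entry.get("Resource", {})) != database:
            continue  # grant on some other database
        who = entry["Principal"]["DataLakePrincipalIdentifier"]
        seen.add(who)
        if who not in expected:
            findings.append((who, "unexpected principal"))
        extra = set(entry.get("Permissions", [])) - ALLOWED
        if extra:
            findings.append((who, "excess: " + ",".join(sorted(extra))))
        if entry.get("PermissionsWithGrantOption"):
            findings.append((who, "holds grant option"))
    findings += [(p, "no grant found") for p in expected - seen]
    return sorted(set(findings))

# Constructed sample data: every name and ARN below is a placeholder.
DB = "example_security_lake_db"
IAM = "arn:aws:iam::111122223333:role/"
QS = "arn:aws:quicksight:us-east-1:111122223333:"
EXPECTED = {IAM + "example-quicksight-role", QS + "user/default/example-admin",
            QS + "group/default/example-readers"}

def grant(who, resource, perms, grantable=()):
    return {"Principal": {"DataLakePrincipalIdentifier": who}, "Resource": resource,
            "Permissions": list(perms), "PermissionsWithGrantOption": list(grantable)}

SAMPLE = [
    grant(IAM + "example-quicksight-role", {"Database": {"Name": DB}}, ["DESCRIBE"]),
    grant(QS + "user/default/example-admin",
          {"Table": {"DatabaseName": DB, "TableWildcard": {}}},
          ["SELECT", "DESCRIBE", "ALTER"], ["SELECT"]),
    grant(IAM + "example-other-role",
          {"Table": {"DatabaseName": DB, "Name": "example_table"}}, ["SELECT"]),
    grant("IAM_ALLOWED_PRINCIPALS", {"Database": {"Name": "default"}}, ["ALL"]),
]
```

Calling `audit_grants(SAMPLE, EXPECTED, DB)` returns one finding per deviation; an empty list means the grants on that database match what Step 1 describes.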
Create datasets
Step 2
To provide the necessary datasets for the QuickSight widgets, this solution provisions the required QuickSight datasets.
Create refresh schedules
Step 3
To set the refresh schedule for the QuickSight datasets, this solution provisions the datasets with the schedule provided as an input to the CloudFormation template.
Create Athena workgroup
Step 4
To run the queries for the QuickSight datasets, this solution creates an Amazon Athena workgroup and executes the queries within this workgroup. As part of this setup, this solution:
a) Creates an Amazon Simple Storage Service (Amazon S3) bucket to store Athena results.
b) Creates an Amazon CloudWatch alarm for the Athena workgroup. Users can set the alarm threshold when deploying the CloudFormation template. If this solution exceeds the configured threshold, the CloudWatch alarm invokes an action to send an Amazon Simple Notification Service (Amazon SNS) notification to the provided email address.
Manage QuickSight users
Step 5
To provide different levels of access to the QuickSight analysis and dashboard, this solution provisions two QuickSight user groups with read and admin permissions.
Configure QuickSight dashboards with AWS Systems Manager parameters
Step 6
To view the QuickSight analysis and dashboard insights for specific data sources, you must enable those data sources after launching this solution.
Related content
Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to automatically centralize security data from AWS environments, SaaS providers, on premises, cloud sources, and third-party sources into a purpose-built data lake that's stored in your AWS account.
AWS AppFabric quickly connects SaaS applications across your organization. IT and security teams can then easily manage and secure applications using a standard schema, and employees can complete everyday tasks faster using generative AI.
This blog post demonstrates how to use AWS AppFabric to connect your SaaS applications, normalize and transport your audit logs to Amazon Security Lake, and analyze your SaaS logs using Amazon QuickSight.
Explore how Amazon Security Lake and AWS Partners can help you address enterprise security data challenges for a more accurate analysis and effective protection.
Learn how to start using AppFabric in the AWS Management Console.
Identify what questions to ask on the road to democratizing your security data with AWS and Industry Leaders.