Overview
Security Insights on AWS creates an automated dashboard based on data from Amazon Security Lake to help Chief Information Security Officers (CISOs) and security operations center (SOC) teams gain visibility into their security data, quickly identify threats, and take timely action to enhance their enterprise-wide security.
By creating a centralized dashboard with pre-built widgets, this solution allows you to visualize security key performance indicators (KPIs) based on data sources supported in Security Lake to help you stay on top of your security and compliance needs.
Benefits
Gain visibility into your organization’s security landscape to help you facilitate compliance with industry standards.
Streamline setup, query, and visualization configuration tasks by deploying the solution’s ready-to-use widgets.
Enable AWS AppFabric to ingest normalized audit log data from third-party software-as-a-service (SaaS) applications to create predefined widgets with the solution that enhance your observability.
Technical details
You can automatically deploy this architecture using the implementation guide and the accompanying AWS CloudFormation template.
Step 1
The solution sets up the permissions needed to visualize the data from your Amazon Security Lake. As part of this setup, the solution:
a) Adds the AWS Identity and Access Management (IAM) role for the CreateLakeFormationPermissions AWS Lambda function as one of the admins for the Security Lake.
b) Grants Describe and Select permissions on the Security Lake database and AWS Lake Formation data tables to the following principals: service-linked role for Amazon QuickSight; QuickSight admin user provided in the input parameters to the solution’s AWS CloudFormation template; and QuickSight user groups created by the solution.
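One way to confirm that the grants described in Step 1 stay limited to Describe and Select, as an added example that is not the solution's own code. The entries mimic the shape of Lake Formation's ListPermissions output; every ARN and name, and the grant-option and unexpected-principal rules, are assumptions.

```python
# Added example, not the solution's code. Entries follow the shape of Lake
# Formation's ListPermissions output; every ARN and name here is constructed.
ALLOWED = {"DESCRIBE", "SELECT"}  # the two permissions Step 1 b) names

def audit_grants(entries, expected):
    """Return sorted (principal, issue) findings for QuickSight-related grants."""
    findings, seen = set(), set()
    for entry in entries:
        who = entry["Principal"]["DataLakePrincipalIdentifier"]
        if who not in expected:
            # Assumption: any other QuickSight ARN holding a grant is worth review.
            if who.startswith("arn:aws:quicksight:"):
                findings.add((who, "unexpected QuickSight principal"))
            continue
        seen.add(who)
        extra = set(entry.get("Permissions", [])) - ALLOWED
        if extra:
            findings.add((who, "excess: " + ",".join(sorted(extra))))
        # Assumption: read-only dashboard principals need no grant option.
        if entry.get("PermissionsWithGrantOption"):
            findings.add((who, "holds grant option"))
    findings.update((p, "no grant found") for p in expected - seen)
    return sorted(findings)

def grant(who, perms, grantable=()):
    """Build one constructed ListPermissions-style entry for the sample below."""
    return {"Principal": {"DataLakePrincipalIdentifier": who},
            "Resource": {"Table": {"DatabaseName": "example_db", "Name": "example_table"}},
            "Permissions": list(perms), "PermissionsWithGrantOption": list(grantable)}

ACCT = "111122223333"  # constructed account id
QS = f"arn:aws:quicksight:us-east-1:{ACCT}:"
SERVICE_ROLE = f"arn:aws:iam::{ACCT}:role/example-quicksight-service-role"
EXPECTED = {SERVICE_ROLE, QS + "user/default/example-admin",
            QS + "group/default/example-read", QS + "group/default/example-write",
            QS + "group/default/example-admins"}
SAMPLE = [
    grant(SERVICE_ROLE, ["DESCRIBE", "SELECT"]),
    grant(QS + "user/default/example-admin", ["DESCRIBE", "SELECT"], ["SELECT"]),
    grant(QS + "group/default/example-read", ["DESCRIBE", "SELECT", "ALTER"]),
    grant(QS + "group/default/example-admins", ["DESCRIBE", "SELECT"]),
    grant(QS + "group/default/example-other", ["SELECT"]),
    grant(f"arn:aws:iam::{ACCT}:role/example-lambda-admin", ["ALL"]),  # ignored: not a QuickSight principal
]

if __name__ == "__main__":
    for who, issue in audit_grants(SAMPLE, EXPECTED):
        print(f"{issue:35} {who}")
```

In a live account the entries would come from the Lake Formation ListPermissions API for the Security Lake database and tables rather than from the constructed sample.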
Step 2
The solution provisions QuickSight datasets that are required for the QuickSight widgets.
Step 3
The solution provisions the QuickSight datasets with the refresh schedule provided as an input to the solution’s CloudFormation template.
Step 4
The solution creates an Amazon Athena workgroup and runs all the queries for the QuickSight datasets as part of this workgroup.
As part of this setup, the solution:
a) Creates an Amazon Simple Storage Service (Amazon S3) bucket to store Athena results.
b) Creates an Amazon CloudWatch alarm for the Athena workgroup. You can set the alarm threshold when deploying the solution's CloudFormation template. If the solution exceeds the threshold, the CloudWatch alarm sends an Amazon Simple Notification Service (Amazon SNS) notification to the provided email address.
Step 5
The solution provisions three QuickSight user groups with read, write, and admin permissions. You can use these groups to give different levels of access to the QuickSight analysis and dashboards.
Step 6
After launching the solution, you must enable the data sources for which you want to see the QuickSight analysis and dashboard insights.
Related content
Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to automatically centralize security data from AWS environments, SaaS providers, on premises, cloud sources, and third-party sources into a purpose-built data lake that's stored in your AWS account.
AWS AppFabric quickly connects SaaS applications across your organization. IT and security teams can then easily manage and secure applications using a standard schema, and employees can complete everyday tasks faster using generative AI.
This blog post demonstrates how to use AWS AppFabric to connect your SaaS applications, normalize and transport your audit logs to Amazon Security Lake, and analyze your SaaS logs using Amazon QuickSight.
Explore how Amazon Security Lake and AWS Partners can help you address enterprise security data challenges for a more accurate analysis and effective protection.
Learn how to start using AppFabric in the AWS Management Console.
Identify what questions to ask on the road to democratizing your security data with AWS and Industry Leaders.