Adjust Systems Manager parameters
The solution supports four data sources and creates one Systems Manager parameter for each. The parameters created are:
- /solutions/securityInsights/vpcFlowLogs
- /solutions/securityInsights/securityHub
- /solutions/securityInsights/cloudtrail
- /solutions/securityInsights/appFabric
You can use these Systems Manager parameters to enable or disable the data source and to configure the duration for which you want to see your insights. The default Systems Manager parameter has the following value:
{"status":"Disabled","queryWindowDuration":"7"}
Enable data and insights
To see the data and insights in the QuickSight analysis:
- Sign in to the Systems Manager console.
- In the navigation pane, choose Parameter Store.
- Select the parameter for the data source.
- Choose Edit.
- Under Value, change the status from Disabled to Enabled.
- Choose Save changes.
Disable data and insights
If you no longer want to see the insights for the VPC Flow Logs data source:
- Sign in to the Systems Manager console.
- In the navigation pane, choose Parameter Store.
- Select the parameter for the data source.
- Choose Edit.
- Under Value, change the status from Enabled to Disabled.
- Choose Save changes.
Change the duration
You can use the queryWindowDuration field to configure the duration in days for which you want to see the results.
- Sign in to the Systems Manager console.
- In the navigation pane, choose Parameter Store.
- Select the parameter for the data source.
- Choose Edit.
- Under Value, change the "queryWindowDuration" to your desired number of days.
- Choose Save changes.
For example, if you need to see the analysis for VPC Flow Logs for the past 30 days, change the value of the /solutions/securityInsights/vpcFlowLogs parameter to the following value:
{"status":"Enabled","queryWindowDuration":"30"}
Note
We recommend minimizing this duration as much as possible to avoid large data scans. A shorter duration lessens the amount of data scanned by Athena queries, which in turn helps minimize cost.
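The enable, disable, and duration edits described above can also be made with the AWS CLI instead of the console. The following is an added example, not part of the original page or the solution's own code: the function names and the DRY_RUN switch are assumptions, and it accepts only the four data sources and the two status spellings shown on this page. It checks the value before writing so that a typo does not store malformed JSON or an unbounded query window.

```shell
#!/usr/bin/env bash
# Added example: validate and write a securityInsights parameter value.
# Function names and DRY_RUN are assumptions of this example.

SI_PREFIX="/solutions/securityInsights"

# Map a data source to its parameter path; reject names the page does not list.
si_param_name() {
  case "$1" in
    vpcFlowLogs|securityHub|cloudtrail|appFabric)
      printf '%s/%s\n' "$SI_PREFIX" "$1" ;;
    *)
      echo "unknown data source: $1" >&2; return 1 ;;
  esac
}

# Build the value in the shape shown on this page.
# $1 = Enabled|Disabled, $2 = positive whole number of days (stored as a string).
si_param_value() {
  case "$1" in
    Enabled|Disabled) ;;
    *) echo "status must be Enabled or Disabled" >&2; return 1 ;;
  esac
  case "$2" in
    ''|*[!0-9]*|0*)
      echo "queryWindowDuration must be a positive whole number" >&2; return 1 ;;
  esac
  printf '{"status":"%s","queryWindowDuration":"%s"}\n' "$1" "$2"
}

# Write the parameter. With DRY_RUN=1 the command is printed, not executed.
# usage: si_set <dataSource> <Enabled|Disabled> <days>
si_set() {
  _si_name="$(si_param_name "$1")" || return 1
  _si_value="$(si_param_value "$2" "$3")" || return 1
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf "aws ssm put-parameter --name '%s' --value '%s' --overwrite\n" \
      "$_si_name" "$_si_value"
  else
    aws ssm put-parameter --name "$_si_name" --value "$_si_value" --overwrite
  fi
}
```

Running `DRY_RUN=1 si_set vpcFlowLogs Enabled 30` prints the command for review; without DRY_RUN the call requires AWS credentials that are allowed to update the parameter.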
Update permissions to new data sources
This solution creates a /solutions/securityInsights/updatePermissions Systems Manager parameter for updating permissions to new data sources.
When you deploy the solution, it creates the permissions needed to visualize your data. The solution only creates these permissions for the data sources that you enable when you deploy the solution. If you enable a data source after deployment:
- Sign in to the Systems Manager console.
- In the navigation pane, choose Parameter Store.
- Select the /solutions/securityInsights/updatePermissions parameter.
- Choose Edit.
- Under Version, update the version number.
- Choose Save changes.
This invokes the Lambda function to update the permissions for the new data source.