Adjust Systems Manager parameters - Security Insights on AWS

Adjust Systems Manager parameters

The solution supports four data sources and creates one Systems Manager parameter for each. The parameters created are:

  • /solutions/securityInsights/vpcFlowLogs

  • /solutions/securityInsights/securityHub

  • /solutions/securityInsights/cloudtrail

  • /solutions/securityInsights/appFabric

You can use these Systems Manager parameters to enable or disable a data source and to configure the duration for which you want to see its insights. Each parameter is created with the following default value:

{"status":"Disabled","queryWindowDuration":"7"}

Enable data and insights

To see the data and insights in the QuickSight analysis:

  1. Sign in to the Systems Manager console.

  2. In the navigation pane, choose Parameter Store.

  3. Select the parameter for the data source.

  4. Choose Edit.

  5. Under Value, change the status from Disabled to Enabled.

  6. Choose Save changes.

Disable data and insights

If you no longer want to see the insights for a data source, such as VPC Flow Logs:

  1. Sign in to the Systems Manager console.

  2. In the navigation pane, choose Parameter Store.

  3. Select the parameter for the data source.

  4. Choose Edit.

  5. Under Value, change the status from Enabled to Disabled.

  6. Choose Save changes.

Change the duration

You can use the queryWindowDuration field to configure the duration in days for which you want to see the results.

  1. Sign in to the Systems Manager console.

  2. In the navigation pane, choose Parameter Store.

  3. Select the parameter for the data source.

  4. Choose Edit.

  5. Under Value, change the "queryWindowDuration" to your desired number of days.

  6. Choose Save changes.

For example, if you need to see the analysis for VPC Flow Logs for the past 30 days, change the value of the /solutions/securityInsights/vpcFlowLogs parameter to the following value:

{"status":"Enabled","queryWindowDuration":"30"}

Note

We recommend minimizing this duration as much as possible to avoid large data scans. A shorter duration lessens the amount of data scanned by Athena queries, which in turn helps minimize cost.
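
The enable, disable, and duration procedures above all edit the same JSON value, so they can be scripted with one validated update. The following Python is an added example, not part of the solution's own code. The function names and the MAX_DAYS guardrail are assumptions, and running it against AWS needs boto3 with credentials allowed to call ssm:GetParameter and ssm:PutParameter.

```python
import json

PREFIX = "/solutions/securityInsights/"
SOURCES = {"vpcFlowLogs", "securityHub", "cloudtrail", "appFabric"}  # names from the page
MAX_DAYS = 90  # assumption: local guardrail against large Athena scans, not a solution limit


def build_value(current, status=None, days=None):
    """Return the new parameter value, keeping the JSON shape shown on the page."""
    cfg = json.loads(current)
    if not isinstance(cfg, dict) or set(cfg) != {"status", "queryWindowDuration"}:
        raise ValueError("current value does not have the expected two keys")
    if status is not None:
        if status not in ("Enabled", "Disabled"):
            raise ValueError("status must be exactly 'Enabled' or 'Disabled'")
        cfg["status"] = status
    if days is not None:
        if isinstance(days, bool) or not isinstance(days, int) or not 1 <= days <= MAX_DAYS:
            raise ValueError(f"days must be an integer from 1 to {MAX_DAYS}")
        cfg["queryWindowDuration"] = str(days)  # the page stores the number as a string
    ordered = {"status": cfg["status"],
               "queryWindowDuration": cfg["queryWindowDuration"]}
    return json.dumps(ordered, separators=(",", ":"))


def set_data_source(source, status=None, days=None, ssm=None):
    """Read, validate, and overwrite one data-source parameter; return the value written."""
    if source not in SOURCES:
        raise ValueError(f"unknown data source: {source}")
    if ssm is None:
        import boto3  # imported lazily so build_value() works without AWS access
        ssm = boto3.client("ssm")
    name = PREFIX + source
    current = ssm.get_parameter(Name=name)["Parameter"]["Value"]
    new = build_value(current, status, days)
    if new != current:  # skip the write (and a new parameter version) when nothing changes
        ssm.put_parameter(Name=name, Value=new, Overwrite=True)
    return new


if __name__ == "__main__":
    # Constructed input: the default value shown on the page.
    default = '{"status":"Disabled","queryWindowDuration":"7"}'
    print(build_value(default, status="Enabled", days=30))
```

Rejecting anything other than the exact status strings and an integer day count keeps a scripted change from writing a value that differs in shape from the one the page shows.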

Update permissions to new data sources

This solution creates a /solutions/securityInsights/updatePermissions Systems Manager parameter for updating permissions to new data sources.

When you deploy the solution, it creates the permissions needed to visualize your data. The solution only creates these permissions for the data sources that you enable when you deploy the solution. If you enable a data source after deployment:

  1. Sign in to the Systems Manager console.

  2. In the navigation pane, choose Parameter Store.

  3. Select the /solutions/securityInsights/updatePermissions parameter.

  4. Choose Edit.

  5. Under Version, update the version number.

  6. Choose Save changes.

This invokes the Lambda function to update the permissions for the new data source.