Customization guide - Security Insights on AWS

Customization guide

This section provides a guide for customizing the solution.

Customize widgets

You can customize the solution's widgets and add more columns from the data source tables created by the Security Lake service. However, these updates will be overwritten if you upgrade the solution to a newer version. For more information, see Working with an analysis in Amazon QuickSight.

Build new widgets

To build your own widgets, follow these steps:

  1. From the QuickSight service console, create a duplicate of the dataset that you want to customize. For instructions, see Duplicating datasets in the Amazon QuickSight User Guide.

  2. Edit the dataset to add or remove columns.

  3. Use the updated dataset and create your own analysis. For more information, see Starting an analysis in Amazon QuickSight.

Note

The custom analysis that you create won't update when the solution receives updates.

Customizing Q topics

When the solution creates Q topics, the columns have friendly names and other meaningful synonyms to support a broader range of words that customers use to ask questions. Customers can improve on this by adding more metadata, synonyms, and data value synonyms to customize the Q topics to their needs. This section describes how customers can add these values to the Q topics.

Updating queries

Q topics have columns that are created from the underlying datasets. The solution creates datasets with important data fields as columns. This is not the complete list of fields available in the Security Lake data source. If you need other fields that aren’t in the Q topics to answer your queries, you can update the datasets to add more columns. To add more columns to the dataset, complete the following steps:

  1. Sign in to the QuickSight console.

  2. Open the dataset that you want to update.

  3. Locate the box-shaped object that represents the existing SQL query.

  4. Open the Options menu on the query object and select Edit SQL query. This opens the SQL editor.

  5. In the SQL editor, modify the existing SQL query as needed.

  6. Choose either Edit/Preview data to go immediately to data preparation, or Confirm query to validate the SQL query and make sure there are no errors.

Indexing more columns

Upon deployment, the solution creates Q topics with 32 columns, of which 15 are indexed to support customer queries. You can add more indexed columns by using the AWS Management Console. To add more indexes, follow the Making Amazon QuickSight Q topics natural-language-friendly instructions in the Amazon QuickSight User Guide.

Adding column synonyms

The solution uses column synonyms to support the different words that customers can use when asking questions of the Q topics. To add more column synonyms, follow the Making Amazon QuickSight Q topics natural-language-friendly instructions in the Amazon QuickSight User Guide.

Adding value synonyms

Value synonyms can help you personalize some of the key words that you use when asking questions of the Q topics. For example, if you save your production account ID with the value synonym production account, then you can ask questions like List all the findings for production account. To add value synonyms, follow the Making Amazon QuickSight Q topics natural-language-friendly instructions in the Amazon QuickSight User Guide.