Features and benefits
The solution provides the following features:
Visualize data from multiple sources
Security Lake supports many data sources for data aggregation. This solution supports four data sources for QuickSight analysis:
You can customize your QuickSight dashboard to display only the data sources you choose. To see widgets for a data source, enable the data source in your Security Lake.
Question and answer powered by generative artificial intelligence (AI)
In this solution, Amazon Q in QuickSight uses natural language processing to quickly answer questions about your security data. When you enable Amazon Q in QuickSight for this solution, you can query Security Hub findings and CloudTrail management events in Security Lake. For example, you can ask "Show all findings" or "Plot bar graph for unique findings vs Region".
Note
This feature requires specific terminology and structure to properly reference the data and provide accurate results. We’ve provided a prompt library with a list of tested queries and instructions for how to build your own. We recommend referencing the library when using this feature.
Schedule your dataset refresh
You can configure the refresh frequency of the datasets that this solution creates by providing the input parameters to the CloudFormation template. The solution supports creating daily, weekly, and monthly refresh periods. This helps customize your experience to view the most recent and relevant data, as it fits your use case and budget. The default refresh period is set to weekly.
Assign permissions with user groups
This solution provisions two QuickSight user groups with read and admin permissions, respectively. You can use these groups to give access to the QuickSight analysis and dashboard. The read group provides access to the dashboard, and the admin group provides access to both the analysis and dashboard.
Receive alarms for excessive Athena usage and errors
The solution creates an Amazon Athena
You can configure this threshold when deploying the CloudFormation template for this solution. The default threshold is set to 100 GB per day. If the alarm is set off, you receive an Amazon Simple Notification Service
The solution also provisions an Amazon EventBridge
Integration with myApplications dashboard
This solution integrates with myApplications, which is an extension of the AWS Management Console home. You can view this solution in myApplications to help you manage and monitor the cost, health, security posture, and performance of this solution all in one place.
Notification for solution update
This solution provides an option for you to receive a notification when a newer version of the solution is available. Updating the solution version as soon as it’s available helps to address any security vulnerabilities. For more information, see Solution update notifications.