Features and benefits - Security Insights on AWS

The solution provides the following features:

Visualize data from multiple sources

Security Lake supports many data sources for data aggregation. This solution supports four data sources for QuickSight analysis:

You can customize your QuickSight dashboard to display only the data sources you choose. To see widgets for a data source, enable the data source in your Security Lake.

Question and answer powered by generative artificial intelligence (AI)

In this solution, Amazon Q in QuickSight uses natural language processing to quickly answer questions about your security data. When you choose to enable Amazon Q in QuickSight for this solution, you can query your data in Security Hub findings and CloudTrail management events in Security Lake. For example, you can ask "Show all findings" or "Plot bar graph for unique findings vs Region".

Note

This feature requires specific terminology and structure to properly reference the data and provide accurate results. We’ve provided a prompt library with a list of tested queries and instructions for how to build your own. We recommend referencing the library when using this feature.

Schedule your dataset refresh

You can configure the refresh frequency of the datasets that this solution creates by providing the input parameters to the CloudFormation template. The solution supports creating daily, weekly, and monthly refresh periods. This lets you view the most recent and relevant data in a way that fits your use case and budget. The default refresh period is set to weekly.

Assign permissions with user groups

This solution provisions two QuickSight user groups with read and admin permissions, respectively. You can use these groups to give access to the QuickSight analysis and dashboard. The read group provides access to the dashboard, and the admin group provides access to both the analysis and dashboard.

Receive alarms for excessive Athena usage and errors

The solution creates an Amazon Athena workgroup to run all the queries for creating QuickSight datasets. To monitor the data scanned as part of this workgroup, the solution creates an Amazon CloudWatch alarm. This alarm is set off when the data scanned by the solution exceeds a certain threshold.

You can configure this threshold when deploying the CloudFormation template for this solution. The default threshold is set to 100 GB per day. If the alarm is set off, you receive an Amazon Simple Notification Service (Amazon SNS) notification to the email address provided during the solution deployment. Customizing your threshold can help you manage your Athena usage to fit your use case and budget.

The solution also provisions an Amazon EventBridge rule to filter failure events for the Athena workgroup. If an Athena query run fails when updating the dataset, Amazon SNS sends failure notifications to the email address provided during the solution deployment.

Integration with myApplications dashboard

This solution integrates with myApplications, which is an extension of the AWS Management Console home. You can view this solution in myApplications to help you manage and monitor the cost, health, security posture, and performance of this solution all in one place.

Notification for solution update

This solution provides an option for you to receive a notification when a newer version of the solution is available. Updating the solution version as soon as it’s available helps to address any security vulnerabilities. For more information, see Solution update notifications.