QuickSight components
This section describes the QuickSight components of this solution.
QuickSight analysis
The solution creates a QuickSight analysis comprising multiple sheets. Each sheet displays relevant data visualizations to the following AWS service integrations in Security Lake: Amazon VPC, Security Hub, CloudTrail, and AppFabric.
Users can interact with the widgets, such as by selecting fields or filtering by specific parameters of the data visualizations.
See Working with an analysis in Amazon QuickSight for more information about how to use this feature of QuickSight.
QuickSight datasets
The QuickSight datasets are queried Athena results on relevant
AWS Glue
Each widget presents its respective dataset graphically for the user, with the option to view more data in a table. Consequently, if there's an error with the dataset or it shows as empty, the widget won't show data.
QuickSight Q topics
Amazon Q in QuickSight, powered by machine learning, uses natural language processing to answer questions quickly. When you use this solution, you can ask questions related to Security Hub findings and CloudTrail events to get responses through this solution’s use of Q topics.
This solution creates Security Hub and CloudTrail Q topics by using the Security Hub and CloudTrail datasets, respectively. These datasets contain records from the Security Hub and CloudTrail data source in Security Lake. The data from the Security Lake is processed and filtered by Athena SQL queries. The data from the Security Lake tables are flattened to improve analysis using Q topics.
QuickSight user groups
The solution provisions two QuickSight user groups with read and admin permissions, respectively. You can use these groups to give different levels of access to the QuickSight analysis and dashboard. The read group provides access to the dashboard, and the admin group provides access to both the analysis and dashboard.
Refresh schedules
The solution creates one dataset per widget in the QuickSight analysis. You can refresh the datasets so that the widgets show the latest data from the data tables. You can do this by setting the refresh frequency to daily, weekly, or monthly. The default refresh frequency is set to weekly.
The dataset refresh supported by the solution is FULL_REFRESH. With the weekly configuration, you can select which day of the week to refresh the dataset on. Similarly, with the monthly refresh option, you can select the day of the month to refresh the dataset on.