Create an automated, centralized security dashboard with pre-built widgets

Publication date: March 2024. Check the CHANGELOG.md file in the GitHub repository to see all notable changes and updates to the software. The changelog provides a clear record of improvements and fixes for each version.

The Security Insights on AWS solution helps analyze the data within your Amazon Security Lake, which can help you align your workloads to Well-Architected Security best practices (SEC4). Amazon Security Lake is a data lake service that is designed to collect security-related logs and events. It automatically centralizes security data from AWS environments, software as a service (SaaS) providers, and on-premises and cloud sources into a purpose-built data lake stored in your AWS account.

This solution provides a single pane view for your security data by creating an automated Amazon QuickSight dashboard. The dashboard’s 20+ pre-built widgets show critical insights for data sources such as:

Amazon Virtual Private Cloud (Amazon VPC)
AWS Security Hub
AWS CloudTrail
AWS AppFabric

You can opt in the data sources that you’re interested in and configure the insights' duration. You can use this dashboard to derive actionable insights and improve your security posture. You can visualize security key performance indicators (KPIs) and take action to enhance security across your cloud, on-premises, or hybrid environments.

Important

To use this solution, you must set up and configure a Security Lake and a QuickSight admin account. In addition, your Security Lake queries must use source version 2. For more details, see Prerequisites.

This implementation guide provides an overview of the Security Insights on AWS solution, its reference architecture and components, considerations for planning the deployment, and configuration steps for deploying the solution to the Amazon Web Services (AWS) Cloud.

The intended audience for using this solution’s features and capabilities in their environment includes IT security teams, solutions architects, business decision makers, and cloud professionals. To deploy this solution, you should have an understanding of your Security Lake.

Use this navigation table to quickly find answers to these questions:

If you want to . . .	Read . . .
Know the cost for running this solution. The estimated cost for running this solution in the US East (N. Virginia) Region is USD $4,127.42 a month for AWS resources to scan 100 GB of data. This does not include the cost of your existing Security Lake.	Cost
Understand the security considerations for this solution.	Security
Know how to plan for quotas for this solution.	Quotas
Know which AWS Regions support this solution.	Supported AWS Regions
View or download the AWS CloudFormation template included in this solution to automatically deploy the infrastructure resources (the "stack") for this solution.	AWS CloudFormation template
Access the source code and optionally use the AWS Cloud Development Kit (AWS CDK) to deploy the solution.	GitHub repository

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Features and benefits