Troubleshooting - Security Insights on AWS

Troubleshooting

This section provides troubleshooting instructions for deploying and using the solution.

If these instructions don’t address your issue, see the Contact AWS Support section for instructions on opening an AWS Support case for this solution.

Changing your account ID

You can't change the value you entered for the "Account ID where Security Lake is created" parameter after you deploy this solution.

Resolution

If your Security Lake account ID changes, uninstall the solution and then re-deploy it with the new account ID.

Problem: QuickSight widgets don't show data

There could be several reasons why your QuickSight widgets aren’t showing data.

Resolution 1: Enable the Systems Manager parameter data source

This problem can occur if the value that enables the data source isn’t set to Enabled. For example, a typo in the value can cause errors and prevent data from showing in the widgets.

To resolve this issue, correct the value and save the parameter again. See Enable data and insights for more detailed instructions.

Resolution 2: Enable the data source in Security Lake

This error can also happen if the data source isn’t enabled in Security Lake. To resolve this issue:

  1. Enable the data source in Security Lake. See Data sources for more detailed instructions.

  2. Update the /solutions/securityInsights/region/updatePermissions Systems Manager parameter by increasing the version number and saving the parameter. This adds the required permissions to the new data source. See Update permissions to new data sources for more detailed instructions.

  3. Disable and enable the Systems Manager parameter again for the data source.

Resolution 3: Increase the query window duration

If a particular widget isn’t showing data, the corresponding events might not have been generated within the period set by the queryWindowDuration parameter.

To resolve this issue, increase the number for this parameter. This results in Athena scanning data for more days. If the corresponding events occurred in that period, then the data will show in the widgets. See Change the duration for more detailed instructions.

Datasource CREATION_FAILED error

You see the following error during the CloudFront deployment:

DataSource: arn:aws:quicksight:region:account:datasource/AthenaDataSourceSecurityInsights is in status CREATION_FAILED

Resolution

Delete the Athena data source using the following CLI command.

aws quicksight delete-data-source --aws-account-id <account id> --data-source-id AthenaDataSourceSecurityInsights

For more information, see delete-data-source in the AWS CLI Command Reference.
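The deletion above can be guarded so that it runs only when the data source really is in CREATION_FAILED. The following script is an added example, not part of the solution's documentation; the function names are hypothetical, and it assumes the data source ID is the last segment of the ARN in the error message.

```shell
#!/bin/sh
# Added example, not part of the solution's documentation.
# Assumption: the data source ID is the last segment of the ARN in the error.
# The AWS CLI's default region must be the region the solution is deployed in.
DATA_SOURCE_ID="AthenaDataSourceSecurityInsights"

# Print the data source's current status, or NOT_FOUND if the lookup fails.
data_source_status() {
  if _status=$(aws quicksight describe-data-source \
      --aws-account-id "$1" \
      --data-source-id "$DATA_SOURCE_ID" \
      --query 'DataSource.Status' --output text 2>/dev/null); then
    printf '%s\n' "$_status"
  else
    printf 'NOT_FOUND\n'
  fi
}

# Delete only when the status is CREATION_FAILED.
# Returns 0 = deleted, 1 = skipped, 2 = invalid account ID.
delete_failed_data_source() {
  _account_id="$1"
  case "$_account_id" in
    ''|*[!0-9]*) echo "account ID must be 12 digits" >&2; return 2 ;;
  esac
  if [ "${#_account_id}" -ne 12 ]; then
    echo "account ID must be 12 digits" >&2
    return 2
  fi
  _current=$(data_source_status "$_account_id")
  if [ "$_current" != "CREATION_FAILED" ]; then
    echo "not deleting $DATA_SOURCE_ID: status is $_current" >&2
    return 1
  fi
  aws quicksight delete-data-source \
    --aws-account-id "$_account_id" \
    --data-source-id "$DATA_SOURCE_ID"
}

# Run only when an account ID is given on the command line.
if [ "$#" -ge 1 ]; then
  delete_failed_data_source "$1"
fi
```

Run the script with the 12-digit account ID as its only argument. A healthy data source is left untouched and the script exits with status 1.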