AWS AppFabric (new, since 2023)

A service that standardizes and aggregates audit logs from SaaS applications

What It Does

AWS AppFabric is a service that automatically collects audit logs from SaaS applications like Slack, Salesforce, and Google Workspace, standardizes them into OCSF (Open Cybersecurity Schema Framework) format, and aggregates them into S3 or Security Lake. By unifying each SaaS application's proprietary format, it streamlines cross-platform security analysis and compliance efforts.

Use Cases

AppFabric is used for centralizing security monitoring across multiple SaaS applications, visualizing employee SaaS usage, and automating audit log collection and retention for compliance. The more SaaS applications an IT department manages, the greater the benefit of centralized management through AppFabric.

Everyday Analogy

Think of it like a multilingual translation service. When reports from different countries (SaaS apps) arrive in their respective languages (proprietary formats), comparing and analyzing them is difficult. The translation service (AppFabric) converts all reports into a common language (OCSF), so you can grasp the overall situation at a glance.

What Is AppFabric?

AWS AppFabric is a service for centrally managing audit logs from multiple SaaS applications used by an organization. Modern businesses use numerous SaaS tools like Slack, Microsoft 365, Salesforce, and Zoom. Each SaaS outputs logs in its own proprietary format, making cross-platform security analysis difficult. AppFabric converts these logs into a standard format and aggregates them in one place.

Log Standardization and Aggregation

AppFabric automatically retrieves audit logs from connected SaaS applications and converts them into OCSF (Open Cybersecurity Schema Framework), an industry-standard schema. The converted logs can be output to S3 buckets or Security Lake. Since the format is unified, you can run cross-platform queries with Athena or OpenSearch to detect suspicious activity.
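The kind of cross-platform check a unified format makes possible, as an added example (not code from AWS or from this page): one rule that flags users whose failed logons hit several SaaS applications within a short window. The records are constructed samples, the function names and thresholds are hypothetical, and the field subset used (`class_uid` 3002 for Authentication, `status_id` 2 for Failure, `time` in epoch milliseconds, `user.email_addr`, `metadata.product.name`) is an assumption about the OCSF output layout.

```python
import json
from collections import defaultdict

# Constructed sample records (not real AppFabric output), one JSON object per line.
# Assumed OCSF fields: class_uid 3002 = Authentication, status_id 1 = Success, 2 = Failure.
SAMPLE = """
{"class_uid":3002,"status_id":2,"time":1700000000000,"user":{"email_addr":"a@example.com"},"metadata":{"product":{"name":"Slack"}}}
{"class_uid":3002,"status_id":2,"time":1700000060000,"user":{"email_addr":"a@example.com"},"metadata":{"product":{"name":"Okta"}}}
{"class_uid":3002,"status_id":2,"time":1700000120000,"user":{"email_addr":"a@example.com"},"metadata":{"product":{"name":"Salesforce"}}}
{"class_uid":3002,"status_id":1,"time":1700000180000,"user":{"email_addr":"a@example.com"},"metadata":{"product":{"name":"Slack"}}}
{"class_uid":3002,"status_id":2,"time":1700000000000,"user":{"email_addr":"b@example.com"},"metadata":{"product":{"name":"Slack"}}}
{"class_uid":3002,"status_id":2,"time":1700000001000,"user":{"email_addr":"b@example.com"},"metadata":{"product":{"name":"Slack"}}}
{"class_uid":3002,"status_id":2,"time":1700000002000,"user":{"email_addr":"b@example.com"},"metadata":{"product":{"name":"Slack"}}}
{"class_uid":3002,"status_id":2,"time":1700000000000,"user":{"email_addr":"c@example.com"},"metadata":{"product":{"name":"Slack"}}}
{"class_uid":3002,"status_id":2,"time":1700007200000,"user":{"email_addr":"c@example.com"},"metadata":{"product":{"name":"Zoom"}}}
"""

AUTHENTICATION = 3002
FAILURE = 2

def parse(text):
    """Parse newline-delimited JSON into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def cross_app_failures(events, window_ms=600_000, min_apps=2, min_failures=3):
    """Return {user: sorted app names} for users with enough failed logons across enough apps in one window."""
    by_user = defaultdict(list)
    for e in events:
        if e.get("class_uid") != AUTHENTICATION or e.get("status_id") != FAILURE:
            continue
        user = e.get("user", {}).get("email_addr")
        app = e.get("metadata", {}).get("product", {}).get("name")
        if user and app and e.get("time") is not None:
            by_user[user].append((e["time"], app))
    flagged = {}
    for user, hits in by_user.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most window_ms.
            while hits[end][0] - hits[start][0] > window_ms:
                start += 1
            window = hits[start:end + 1]
            apps = {app for _, app in window}
            if len(window) >= min_failures and len(apps) >= min_apps:
                flagged[user] = sorted(apps)
                break
    return flagged

if __name__ == "__main__":
    print(cross_app_failures(parse(SAMPLE)))
```

Because every source shares the same field names, the rule needs no per-application parsing; only the thresholds need tuning to the organization's normal failure rate.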

Supported SaaS Applications

AppFabric supports major SaaS applications including Slack, Microsoft 365, Google Workspace, Salesforce, Zoom, Dropbox, and Okta. Connections to each SaaS are made via OAuth authentication, and API key management is handled automatically by AppFabric. Supported SaaS applications are continuously being added, covering most commonly used business applications.

Getting Started

In the AppFabric console, create an app bundle and select the SaaS applications you want to connect. Authenticate with each SaaS via OAuth, then specify the log destination (such as an S3 bucket). Once configured, automatic audit log collection begins. The collected logs are output in OCSF format, so you can start analyzing right away.

Things to Watch Out For

  • AppFabric pricing is based on log ingestion volume, so costs vary depending on the number of connected SaaS apps and log volume
  • Due to API rate limits on the SaaS side, large volumes of logs may not be retrievable all at once. Initial log ingestion may take time when first connecting
  • Supported SaaS applications are limited, so verify that your SaaS tools are supported before getting started