Amazon Athena is a service that uses ANSI-standard SQL to query data directly in Amazon Simple Storage Service (Amazon S3). This makes it easy to analyze big data in S3 using standard SQL.
This document provides information about the AWS Athena connector, which facilitates automated interactions with AWS Athena using FortiSOAR™ playbooks. Add the AWS Athena connector as a step in FortiSOAR™ playbooks to automate AWS Athena queries.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-aws-athena
In FortiSOAR™, on the Connectors page, select the AWS Athena connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Region | AWS region of your account to access the AWS services. |
Access Key | User's AWS Access Key ID to access AWS services. |
Secret Key | User's AWS Secret key to access AWS services. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from CyOPs™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Run Athena Query | Runs a database query. | run_athena_query Investigation |
Parameter | Description |
---|---|
Query | Database query to run. |
Location | Location in S3 where the results should be stored. |
Encryption | Indicates whether Amazon S3 server-side encryption with Amazon S3-managed keys (SSE-S3), server-side encryption with KMS-managed keys (SSE-KMS), or client-side encryption with KMS-managed keys (CSE-KMS) is used. |
Database Name | Name of the Athena database in which to run the query. |
Max Tries | Maximum number of attempts to fetch the results of the query. By default, this is set to 60. |
The output contains the following populated JSON schema:
{
    "response": {
        "result": {
            "ResultSet": {
                "Rows": [
                    {
                        "Data": [
                            {
                                "VarCharValue": ""
                            }
                        ]
                    }
                ],
                "ResultSetMetadata": {
                    "ColumnInfo": [
                        {
                            "Scale": 123,
                            "Type": "",
                            "CaseSensitive": "",
                            "Precision": 123,
                            "Name": "",
                            "TableName": "",
                            "SchemaName": "",
                            "CatalogName": "",
                            "Label": "",
                            "Nullable": ""
                        }
                    ]
                }
            },
            "NextToken": ""
        },
        "error": ""
    },
    "error_message": "",
    "error": ""
}
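The following Python sketch is an added example, not part of the connector or of Fortinet's code. It turns output of the shape shown above into one record per row, keyed by the `Name` values in `ColumnInfo`. The function name `rows_to_records`, the sample values, and the reading of any non-empty error field as a failed step are assumptions made for illustration.

```python
# Constructed sample shaped like the connector's documented output schema.
SAMPLE_OUTPUT = {
    "response": {
        "result": {
            "ResultSet": {
                "Rows": [
                    {"Data": [{"VarCharValue": "eventname"},
                              {"VarCharValue": "sourceipaddress"}]},
                    {"Data": [{"VarCharValue": "ConsoleLogin"},
                              {"VarCharValue": "203.0.113.10"}]},
                    {"Data": [{"VarCharValue": "AssumeRole"}, {}]},
                ],
                "ResultSetMetadata": {"ColumnInfo": [
                    {"Name": "eventname", "Type": "varchar"},
                    {"Name": "sourceipaddress", "Type": "varchar"},
                ]},
            },
            "NextToken": "",
        },
        "error": "",
    },
    "error_message": "",
    "error": "",
}


def rows_to_records(output):
    """Return (records, more_pages) from one Run Athena Query step output."""
    response = output.get("response") or {}
    # Assumption: a non-empty value in any error field means the step failed.
    for err in (output.get("error"), output.get("error_message"),
                response.get("error")):
        if err:
            raise RuntimeError(f"Athena query step failed: {err}")
    result = response.get("result") or {}
    result_set = result.get("ResultSet") or {}
    metadata = result_set.get("ResultSetMetadata") or {}
    columns = [col["Name"] for col in metadata.get("ColumnInfo", [])]
    records = []
    for index, row in enumerate(result_set.get("Rows", [])):
        # A NULL cell is an object without a VarCharValue key.
        values = [cell.get("VarCharValue") for cell in row.get("Data", [])]
        # For SELECT queries Athena repeats the column names as the first row.
        if index == 0 and values == columns:
            continue
        records.append(dict(zip(columns, values)))
    # A non-empty NextToken means Athena has further result pages.
    return records, bool(result.get("NextToken"))
```

Checking the error fields before reading rows keeps a failed query from being treated as an empty result set in later playbook steps.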
The Sample - AWS Athena - 1.0.0 playbook collection comes bundled with the AWS Athena connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AWS Athena connector.
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.