Security Hub

  • AWS Security Hub is a central security tool to manage security across several AWS accounts and automate security checks.
  • AWS Security Hub provides integrated dashboards showing current security and compliance status to quickly take actions.
  • AWS Security Hub automatically aggregates alerts, in a predefined or custom findings format, from various AWS services and AWS partner tools: Config, GuardDuty, Inspector, Macie, IAM Access Analyzer, AWS Systems Manager, AWS Firewall Manager, AWS Health, and AWS Partner Network solutions.
  • Before you can use AWS Security Hub, you must first enable AWS Config.
  • Security Hub uses AWS Config to perform its security checks.
  • AWS Config must be enabled on all accounts (Security Hub does not manage AWS Config).
  • Security Hub generates findings and continuous checks against the rules in a set of supported security standards: CIS AWS Foundations, PCI DSS, AWS Foundational Security Best Practices.
  • Security Hub supports the ability to enable/disable a security standard.
  • Security Hub integrates with multiple third-party products, for example 3CORESec, Alert Logic, and Aqua.
  • Security Hub consumes findings in the AWS Security Finding Format (ASFF).
  • Security Hub automatically updates and deletes findings.
  • Findings older than 90 days are automatically deleted.
  • Security Hub Insights are collections of related findings that identify a security area requiring attention and intervention.
  • Security Hub provides built-in managed Insights, which return results only if you have enabled the related product integration or security standard.
  • Security Hub also supports custom Insights to track issues specific to your environment.
  • What are the four Security Hub architecture phases that events flow through?
    1. Detect (Security Hub custom action) --> 2. Ingest (EventBridge) --> 3. Remediate (Lambda / Step Functions) --> 4. Log (SNS / CloudWatch Logs)