AWS Security Hub is a central security tool to manage security across several AWS accounts and automate security checks.
AWS Security Hub provides integrated dashboards showing current security and compliance status to quickly take actions.
AWS Security Hub automatically aggregates alerts in predefined or personal findings formats from various AWS services & AWS partner tools: Config, GuardDuty, Inspector, Macie, IAM Access Analyzer, AWS Systems Manager, AWS Firewall Manager, AWS Health, AWS Partner Network Solutions.
AWS Security Hub requires that the AWS Config service be enabled first.
Security Hub uses AWS Config to perform its security checks.
AWS Config must be enabled on all accounts (Security Hub does not manage AWS Config).
Security Hub runs continuous checks against the rules in a set of supported security standards and generates findings from them: CIS AWS Foundations, PCI DSS, AWS Foundational Security Best Practices.
Security Hub supports the ability to enable/disable a security standard.
Security Hub integrates with multiple third-party products: 3CORESec, Alert Logic, Aqua.
Security Hub consumes findings in the AWS Security Finding Format (ASFF).
Security Hub automatically updates and deletes findings.
Findings older than 90 days are automatically deleted.
Security Hub provides Insights: collections of related findings that identify a security area requiring attention and intervention.
Security Hub provides built-in managed Insights that return results only if you have enabled the related product integration or security standard.
Security Hub provides custom Insights to track issues specific to your environment.
What are the four Security Hub Architecture phases events flow through?