Study Guides/AWS Cybersecurity Notes/AWS Security Hub: Difference between revisions
Latest revision as of 23:21, 25 May 2026
AWS Security Hub
This consolidates security findings, compliance and alerts.
This includes:
- AWS IAM
- Macie
- GuardDuty
- Inspector
- Firewall Manager
Third party tools:
- AWS Security Hub can be integrated to work with many 3rd party applications.
Think of Security Hub as a central point for a comprehensive picture of security.
By default Security Hub is a regional service.
- Member and master accounts can be set up.
- Security Hub administrator is the core account
- Security Hub members are the leaf accounts
Compliance use case
Security Hub can be used for automated compliance checks.
Out of the box Security Hub performs 43 fully automated checks.
- These checks are based on the CIS foundations framework.
Security Hub looks at configuration and use at the account level.
AWS Config: looks at the resource level.
HUB = High level
Hub depends on config
To enable Security Hub you must first have AWS Config enabled.
- Baseline information for Security Hub comes from AWS Config
- This data refreshes Security Hub in almost real time
Standards / Controls and Checks
When enabling you are asked to select a security standard.
Some of these are:
- AWS security best practices
- CIS AWS Foundations benchmarks
- NIST 800-53
- PCI-DSS
Processing payment information
- Select PCI-DSS (45 controls)
Concerned about the CIA triad
- Select NIST 800-53 (216 controls)
Once a standard is enabled security checks will be run.
AWS Config is used to run the security checks.
- Checks can be done on a schedule.
- Checks can be done whenever a change is detected.
Security Hub uses the findings to generate a score.
Security hub insights
Managed insights:
- These only work if the product is integrated.
Custom insights:
- Can be created with the Security Hub API, AWS CLI or PowerShell
- You must select an attribute to group by.
Findings
Findings are security issues highlighted by AWS or third-party solutions.
Automated remediation
EventBridge and Security Hub can automatically trigger the following:
- AWS Lambda Function
- EC2 run command via Systems Manager
- AWS Step Functions State machine
- Sending an SNS notification
- Placing a message in SQS
- Sending findings to a third party system such as SIEM
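One way the Lambda target in the list above could be wired up, as an added example that is not part of the original notes: an EventBridge rule pattern for Security Hub findings plus a handler that re-checks each finding before acting. The event source, detail-type and finding field names are Security Hub's own; the helper names, the handler's return shape and the sample findings are constructed for illustration.

```python
# EventBridge rule pattern: active, new, failed checks of high severity only.
EVENT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {
        "Severity": {"Label": ["HIGH", "CRITICAL"]},
        "Compliance": {"Status": ["FAILED"]},
        "Workflow": {"Status": ["NEW"]},
        "RecordState": ["ACTIVE"],
    }},
}

def _actionable(finding):
    """Re-apply the rule's filter to a single finding; missing fields never match."""
    want = EVENT_PATTERN["detail"]["findings"]
    return (
        finding.get("Severity", {}).get("Label") in want["Severity"]["Label"]
        and finding.get("Compliance", {}).get("Status") in want["Compliance"]["Status"]
        and finding.get("Workflow", {}).get("Status") in want["Workflow"]["Status"]
        and finding.get("RecordState") in want["RecordState"]
    )

def lambda_handler(event, context=None):
    """Return one notification dict per actionable finding (output shape is an assumption)."""
    if event.get("source") != "aws.securityhub":
        return []  # ignore events from other services routed here by mistake
    return [
        {"finding_id": f.get("Id"), "account": f.get("AwsAccountId"),
         "severity": f["Severity"]["Label"],
         "resources": [r.get("Id") for r in f.get("Resources", [])]}
        for f in event.get("detail", {}).get("findings", [])
        if _actionable(f)
    ]

def _finding(fid, label, status, workflow, resource):
    # Constructed finding holding only the fields this example reads.
    return {"Id": fid, "AwsAccountId": "111122223333",
            "Severity": {"Label": label}, "Compliance": {"Status": status},
            "Workflow": {"Status": workflow}, "RecordState": "ACTIVE",
            "Resources": [{"Type": "AwsS3Bucket", "Id": resource}]}

# Constructed event: one event can carry several findings, so each is checked on its own.
SAMPLE_EVENT = {"source": "aws.securityhub", "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        _finding("sample-1", "CRITICAL", "FAILED", "NEW", "arn:aws:s3:::example-bucket-a"),
        _finding("sample-2", "HIGH", "FAILED", "SUPPRESSED", "arn:aws:s3:::example-bucket-b"),
        _finding("sample-3", "LOW", "PASSED", "NEW", "arn:aws:s3:::example-bucket-c"),
    ]}}
```

The returned list is what the handler would pass on to a notification or remediation step; suppressed and passing findings are dropped even when they arrive in the same event as an actionable one.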