What should be in your AWS Security Account? (Part 2)

An overview of what should be in an AWS Security Account

This article will be a brief intro to AWS Security Hub.

What is it?

AWS Security Hub is a comprehensive security service that provides centralised visibility (as a dashboard) into your AWS security and helps you identify and remediate security issues across all of your AWS accounts.

What to include

  • Macie
  • GuardDuty
  • Inspector
  • Config
  • IAM Access Analyzer
  • Systems Manager
  • AWS Health
  • AWS Firewall Manager

For Security Hub to work you must enable AWS Config.

Pricing

Security checks: “insert diagram”

Ingestion

Finding ingestions include both new findings and updates to existing findings. You are not charged for finding ingestion events associated with Security Hub security checks. “insert diagram”

Automation Rules

Security Hub automation rules allow you to automatically update or suppress findings in near-real time. You can automatically update various fields in findings, suppress findings, update finding severity and workflow status, add notes, and more. You can set criteria such as finding title or severity to make sure rules act only on relevant findings. This feature is priced by the quantity of automation rule evaluations per month.

To get started, choose which security standards you want the checks to run against. Select as many options as are appropriate to your business:

  • AWS Foundational Security Best Practices
  • CIS AWS Foundations Benchmark
  • PCI DSS
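
The getting-started steps above (confirm AWS Config is recording, enable Security Hub, subscribe to the chosen standards) can be scripted with boto3. This is an added example, not code from the original article; the region, the standard versions in the ARNs, the standard `aws` partition and the function names are assumptions.

```python
# Added example: enable Security Hub only after confirming AWS Config is recording.
# Region, standard versions and the "aws" partition below are assumptions.

STANDARD_PATHS = {
    "fsbp": "standards/aws-foundational-security-best-practices/v/1.0.0",
    "cis": "standards/cis-aws-foundations-benchmark/v/1.4.0",
    "pci": "standards/pci-dss/v/3.2.1",
}

def standard_arns(region, keys):
    """Build the regional standards ARNs for the chosen standards."""
    return [f"arn:aws:securityhub:{region}::{STANDARD_PATHS[k]}" for k in keys]

def config_is_recording(config_client):
    """True only if at least one AWS Config recorder exists and is recording."""
    statuses = config_client.describe_configuration_recorder_status()
    recorders = statuses.get("ConfigurationRecordersStatus", [])
    return any(r.get("recording") for r in recorders)

def onboard(config_client, hub_client, region, keys):
    """Enable Security Hub and subscribe to standards; refuse if Config is off."""
    if not config_is_recording(config_client):
        raise RuntimeError(f"AWS Config is not recording in {region}; enable it first")
    try:
        # Skip the default standards so only the chosen ones are enabled.
        hub_client.enable_security_hub(EnableDefaultStandards=False)
    except hub_client.exceptions.ResourceConflictException:
        pass  # Security Hub is already enabled in this account and region
    arns = standard_arns(region, keys)
    hub_client.batch_enable_standards(
        StandardsSubscriptionRequests=[{"StandardsArn": a} for a in arns]
    )
    return arns

if __name__ == "__main__":
    import boto3  # needs credentials for the security account

    region = "eu-west-2"  # assumed region
    session = boto3.session.Session(region_name=region)
    print(onboard(session.client("config"), session.client("securityhub"),
                  region, ["fsbp", "cis", "pci"]))
```

Security Hub and AWS Config are both regional, so the check and the enablement need to run once per region you monitor.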