AWS Security Hub

AWS Security Hub Partners
AWS Security Hub Security Blogs
AWS re:Post questions for AWS Security Hub
AWS Security Hub FAQs
AWS Security Hub Pricing
Free Cybersecurity Training
Automated response & remediation
1. EventBridge (Enrichment, Actions, Notifications)
  1. AWS Solutions
  2. Lambda
  3. AWS Systems Manager Automation
  4. Amazon Kinesis Data Streams
  5. AWS Step Functions
  6. Amazon SNS
  7. Amazon SQS queue
  8. Integration with 3rd party platform
    1. Sample security partners (Dec 2021)
    2. SIEM
    3. SOAR
    4. Instant messaging (Slack, PagerDuty, etc.)
    5. Ticketing systems
Pivot to Amazon Detective
Audit Manager
1. Audit Reports
AWS Chatbot
AWS Trusted Advisor
Sources
1. 3rd party AWS Partner Network (APN) - some bi-directional
  1. Anti-Malware
  2. Compliance solutions
  3. Firewalls
  4. Vulnerability managers
2. Security Hub Integrated Standards (via AWS Config)
  1. CIS AWS Foundations Benchmark
  2. PCI DSS
  3. AWS Foundational Security Best Practices standard
3. AWS internal sources
  1. IAM Access Analizer
    1. External Access Granted
  2. System Manager Patch Manager
    1. Inventory
    2. Compliance
  3. AWS Firewall Manager
    1. WAF Policy
    2. ACL Rules
    3. AWS Shield
    4. DNS Firewall
    5. AWS Network Firewall
  4. Amazon Inspector
    1. Amazon EC2
    2. Containers in ECR
  5. Macie
    1. Amazon S3
      1. Publicly accessible buckets
      2. Unencrypted buckets
      3. Buckets shared with AWS accounts / Organizations
      4. Identify & Alert on personally identifiable information (PII)
  6. AWS Health
  7. GuardDuty
    1. CloudTrail Event Logs
    2. CloudTrail Management Events
    3. CloudTrail S3 Data Events
    4. VPC Flow Logs
    5. DNS logs
    6. GuardDuty for EKS
    7. Threat intelligence (IP and domains)
      1. AWS Security
      2. 3rd party providers
      3. Proofpoint
      4. CrowdStrike
      5. Custom threat lists