Md Mohaymenul Islam (Noyon)

Setup AWS Security Hub

AWS Security Hub gives you a comprehensive view of the security state of your infrastructure in AWS. It also helps you check your environment against security industry standards and best practices.

Security Hub collects security data from across your AWS accounts/Organizations, services, and products, and helps you analyze your security trends and identify the highest-priority security issues.

Enable AWS Security Hub in a standalone account

Enabling AWS Security Hub is very simple.

  1. Sign in, go to the Security Hub console, and click the Go to Security Hub button.

  2. Select the security standards and click the Enable Security Hub button.

This enables Security Hub for that account in that Region.

Enable AWS Security Hub in Multi-account (Organization) environment

  1. Log in to the AWS organization's management account and open the AWS Organizations console.

  2. From the Services tab, open Security Hub and click Enable trusted access.

It will enable Security Hub for all of the Organization's member accounts as well as the management account (Root account).

Note: The management account will be the Delegated Administrator for Security Hub by default. You can remove it and add another Delegated Administrator at any time.

After you enable Security Hub, it takes some time to gather information from your Organization or accounts. It then generates security findings as per the enabled security standards and gives your organization or account a score.

Benefits of AWS Security Hub

  • Reduced effort to collect and prioritize findings

  • Automatic security checks against best practices and standards

  • Consolidated view of findings across accounts and providers

  • Ability to automate remediation of findings

  • You can create Slack notifications based on the findings.

Security Hub Features

Summary: Dashboard for all security findings.

Security standards: It shows you the score for each security standard you have enabled. You can view details by clicking the View results button.

You can enable/disable any security standard from here.

Insights: A Security Hub insight is a collection of related findings. Security Hub offers several built-in managed insights. You cannot modify or delete managed insights, but you can create new insights as per your requirements and modify them.

You can see the detail view by clicking one of the insights.

Findings: These are the actual security findings.

You can filter the findings as per your requirements. One example is filtering on the GuardDuty product in Security Hub.
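The GuardDuty filter described above can also be written as a filter for the Security Hub GetFindings API. The following is an added example, not part of the original post: it builds that filter and applies it to constructed sample findings so it runs offline. The helper names and sample data are assumptions, and `fetch` additionally assumes boto3 and AWS credentials are available.

```python
from collections import Counter

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"]

def guardduty_filter():
    """GetFindings filters: active, not-yet-triaged findings produced by GuardDuty."""
    eq = lambda value: [{"Value": value, "Comparison": "EQUALS"}]
    return {"ProductName": eq("GuardDuty"), "RecordState": eq("ACTIVE"),
            "WorkflowStatus": eq("NEW")}

def label(finding):
    return finding.get("Severity", {}).get("Label", "INFORMATIONAL")

def matches(finding, filters):
    """Apply the same EQUALS filters locally to one ASFF finding (offline check)."""
    fields = {"ProductName": finding.get("ProductName"),
              "RecordState": finding.get("RecordState"),
              "WorkflowStatus": finding.get("Workflow", {}).get("Status")}
    return all(fields.get(key) in {c["Value"] for c in conds}
               for key, conds in filters.items())

def triage(findings, filters):
    """Return (count per severity label, matching findings, most severe first)."""
    hits = sorted((f for f in findings if matches(f, filters)),
                  key=lambda f: SEVERITY_ORDER.index(label(f)))
    return Counter(label(f) for f in hits), hits

def fetch(region):
    """Live query; assumes boto3, credentials and securityhub:GetFindings permission."""
    import boto3
    pages = boto3.client("securityhub", region_name=region).get_paginator("get_findings")
    return [f for page in pages.paginate(Filters=guardduty_filter()) for f in page["Findings"]]

def make_finding(fid, product, state, workflow, severity, account):
    return {"Id": fid, "ProductName": product, "RecordState": state,
            "Workflow": {"Status": workflow}, "Severity": {"Label": severity},
            "AwsAccountId": account}

# Constructed sample findings (a subset of ASFF fields), not real data.
SAMPLE = [
    make_finding("f-1", "GuardDuty", "ACTIVE", "NEW", "HIGH", "111111111111"),
    make_finding("f-2", "GuardDuty", "ACTIVE", "NEW", "LOW", "222222222222"),
    make_finding("f-3", "GuardDuty", "ARCHIVED", "NEW", "CRITICAL", "111111111111"),
    make_finding("f-4", "Security Hub", "ACTIVE", "NEW", "CRITICAL", "111111111111"),
    make_finding("f-5", "GuardDuty", "ACTIVE", "RESOLVED", "MEDIUM", "222222222222"),
    make_finding("f-6", "GuardDuty", "ACTIVE", "NEW", "CRITICAL", "222222222222"),
]

if __name__ == "__main__":
    counts, hits = triage(SAMPLE, guardduty_filter())
    print(dict(counts), [(label(f), f["AwsAccountId"], f["Id"]) for f in hits])
```

Passing the output of `fetch("<region>")` to `triage` instead of `SAMPLE` gives the same summary for a live account; in a delegated administrator account the result includes member-account findings.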

One of the key advantages of using Security Hub is Remediation. You will find the details of a finding, along with its remediation, by clicking the title of the finding.

You just need to click the link and follow the procedure to remediate the finding.

Integrations: You can integrate other services with Security Hub.

You can integrate with AWS Chatbot, Slack, Detective, Audit Manager, GuardDuty, Health, IAA, Inspector, Macie, and other services.

Follow this to enable Chatbot for Slack notifications from Security Hub.

Settings: You can add accounts and configure Auto-enable from here.

From the General tab, you can remove and add a Delegated Administrator and also disable Security Hub.

You cannot disable Security Hub in the following cases:

  • Your account is the designated Security Hub administrator account for an organization.

  • Your account is a Security Hub administrator account by invitation, and you have member accounts that are enabled. Before you can disable Security Hub, you must disassociate all of your member accounts.

  • Your account is a member account. Before you can disable Security Hub, your account must be disassociated from your administrator account. For an organization account, only the administrator account can disassociate member accounts.

When you disable Security Hub:

  • After 90 days, your existing findings and insights and any Security Hub configuration settings are deleted and cannot be recovered.

  • Any enabled standards are disabled.

Summary

Security Hub is a great tool that helps you maintain your security standards. You can integrate Security Hub with other AWS services to get centralized findings of your security threats.

To learn more, read the AWS Security Hub documentation.

Thanks for reading! Happy Cloud Computing!

Connect with me: LinkedIn
