AWS Security Hub gives you a comprehensive view of the security state of your infrastructure in AWS. It also helps you check your environment against security industry standards and best practices.
Security Hub collects all security data from your AWS accounts/Organisations, services, and products and helps you to analyze your security trends and identify the highest priority security issues.
Enable AWS Security Hub in a standalone account
Enabling AWS Security Hub is very simple.
- Sign in, go to the Security Hub console, and click the Go to Security Hub button.
- Select the security standards and click the Enable Security Hub button.
This enables Security Hub for that account in that region.
Enable AWS Security Hub in Multi-account (Organization) environment
Log in to the AWS organization's management account and open the AWS Organizations console. From the Services tab, open Security Hub and click Enable trusted access.
It will enable Security Hub for all of the Organization's member accounts as well as the management account (Root account).
Note: The management account will be the Delegated Administrator for Security Hub by default. You can remove and add another Delegated Administrator at any time.
After you enable Security Hub, it takes some time to gather information from your organization or accounts. After gathering the information, it generates security findings as per the security standards and gives your organization or account a score.
Benefits of AWS Security Hub
- Reduced effort to collect and prioritize findings
- Automatic security checks against best practices and standards
- Consolidated view of findings across accounts and providers
- Ability to automate remediation of findings
- You can create Slack notifications based on the findings.
Security Hub Features
Summary: Dashboard for all security findings:
Security standards: This shows you the score for each of the security standards you have enabled. You can view details by clicking the View results button.
You can enable/disable any security standard from here.
Insights: A Security Hub insight is a collection of related findings. Security Hub offers several built-in managed insights. You cannot modify or delete managed insights, but you can create new insights as per your requirements and modify them.
And of course, you can see the detail view by clicking one of the insights.
Findings: These are the actual security findings.
You can filter the findings as per your requirements. One example is filtering on the GuardDuty product in Security Hub.
One of the key advantages of using Security Hub is Remediation. You will find the details of a finding, along with its Remediation, by just clicking the title of the finding.
You just need to click the link and follow the procedure to prevent the findings.
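The GuardDuty product filter and the remediation link described above, as an added example that is not part of the original post: it applies a filter in the shape Security Hub's GetFindings API accepts to a few constructed findings and lists the matches worst first. The helper names (`select`, `triage`), the sample findings, and the placeholder URL are assumptions made for illustration.

```python
SEVERITY_ORDER = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Same shape as the Filters argument of Security Hub's GetFindings API.
GUARDDUTY_ACTIVE = {
    "ProductName": [{"Value": "GuardDuty", "Comparison": "EQUALS"}],
    "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
}

# Constructed sample findings, trimmed to the ASFF fields used below.
SAMPLE_FINDINGS = [
    {"Title": "Constructed: API call from unusual location", "ProductName": "GuardDuty",
     "RecordState": "ACTIVE", "AwsAccountId": "111111111111", "Severity": {"Label": "MEDIUM"}},
    {"Title": "Constructed: outbound traffic to a flagged host", "ProductName": "GuardDuty",
     "RecordState": "ACTIVE", "AwsAccountId": "222222222222", "Severity": {"Label": "HIGH"},
     "Remediation": {"Recommendation": {"Url": "https://example.com/remediation/placeholder"}}},
    {"Title": "Constructed: root account has no MFA", "ProductName": "Security Hub",
     "RecordState": "ACTIVE", "AwsAccountId": "111111111111", "Severity": {"Label": "CRITICAL"}},
    {"Title": "Constructed: port probe, already archived", "ProductName": "GuardDuty",
     "RecordState": "ARCHIVED", "AwsAccountId": "222222222222", "Severity": {"Label": "LOW"}},
]


def _string_match(actual, cond):
    """Evaluate one string condition; only EQUALS and PREFIX are handled here."""
    if actual is None:
        return False
    if cond["Comparison"] == "EQUALS":
        return actual == cond["Value"]
    if cond["Comparison"] == "PREFIX":
        return actual.startswith(cond["Value"])
    raise ValueError(f"unsupported comparison: {cond['Comparison']}")


def select(findings, filters):
    """Fields are ANDed together; several conditions on one field are ORed."""
    return [f for f in findings
            if all(any(_string_match(f.get(field), c) for c in conds)
                   for field, conds in filters.items())]


def triage(findings, filters):
    """Return (severity, account, title, remediation URL) rows, worst first."""
    rows = []
    for f in select(findings, filters):
        label = f.get("Severity", {}).get("Label", "INFORMATIONAL")
        # Not every finding carries a remediation link; keep None when absent.
        url = f.get("Remediation", {}).get("Recommendation", {}).get("Url")
        rows.append((label, f["AwsAccountId"], f["Title"], url))
    return sorted(rows, key=lambda r: SEVERITY_ORDER.index(r[0]), reverse=True)


if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS, GUARDDUTY_ACTIVE):
        print(row)
```

With credentials configured, the same `GUARDDUTY_ACTIVE` dictionary can be passed as the `Filters` argument to the boto3 `securityhub` client's `get_findings` call.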
Integrations: You can integrate other services with Security Hub, such as AWS Chatbot, Slack, Detective, Audit Manager, GuardDuty, Health, IAA, Inspector, Macie, etc.
Follow this to Enable Chatbot for Slack notification from Security Hub.
Settings: You can add accounts and Auto-enable from here.
From the General tab you can remove and add a Delegated Administrator and also disable Security Hub.
You cannot disable Security Hub in the following cases:
- Your account is the designated Security Hub administrator account for an organization.
- Your account is a Security Hub administrator account by invitation, and you have member accounts that are enabled. Before you can disable Security Hub, you must disassociate all of your member accounts.
- Your account is a member account. Before you can disable Security Hub, your account must be disassociated from your administrator account. For an organization account, only the administrator account can disassociate member accounts.
When you disable Security Hub:
- After 90 days, your existing findings and insights and any Security Hub configuration settings are deleted and cannot be recovered.
- Any enabled standards are disabled.
Summary
Security Hub is a great tool which helps you maintain the security standard. You can integrate Security Hub with other AWS services to get centralized findings of your security threats.
To learn more, read the AWS Security Hub documentation.
Thanks for reading! Happy Cloud Computing!
Connect with me: Linkedin