AWS Security Hub provides you with a great comprehensive view of your infrastructure security state in AWS. It also helps you check security industry standards and best practices.
Security Hub collects all security data from your AWS accounts/Organisations, services, and products and helps you to analyze your security trends and identify the highest priority security issues.
Enabling AWS Security Hub is very simple.
- Sign in, go to the Security Hub console, and click the Go to Security Hub button.
- Select the security standards and click the Enable Security Hub button.
This enables Security Hub for that account in that Region.
Log in to the AWS organization's management account, open Security Hub, and click Enable trusted access.
This enables Security Hub for all of the organization's member accounts as well as the management account (root account).
Note: The management account is the Delegated Administrator for Security Hub by default. You can remove and add another Delegated Administrator at any time.
Security Hub. It will take some time to gather information from your organization or accounts. After gathering the information, it generates security findings according to the security standards and gives your organization or account a score.
- Reduced effort to collect and prioritize findings
- Automatic security checks against best practices and standards
- Consolidated view of findings across accounts and providers
- Ability to automate remediation of findings
You can create Slack notifications based on the findings.
Summary: Dashboard for all security findings:
Security standards: This shows your score for each of the security standards you have enabled. You can view the details by clicking the View results button.
Security standards from here:
Insights: A Security Hub insight is a collection of related findings. Security Hub offers several built-in managed insights. You cannot modify or delete managed insights, but you can create new insights to suit your requirements, and you can modify those.
You can, of course, see the detailed view by clicking one of the insights.
Findings: These are the actual security findings.
You can filter the findings to suit your requirements. One example is filtering on the GuardDuty product in Security Hub.
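The same GuardDuty filter can be expressed against the Security Hub GetFindings API. This Python example is added here and is not from the original post; the function names and sample findings are constructed for illustration, and `fetch_findings` assumes boto3 plus credentials allowed to call `securityhub:GetFindings`.

```python
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"]

def _eq(value):
    return {"Value": value, "Comparison": "EQUALS"}

def guardduty_filters(min_label="MEDIUM"):
    """Build the Filters argument (AwsSecurityFindingFilters) for GetFindings."""
    wanted = SEVERITY_ORDER[: SEVERITY_ORDER.index(min_label) + 1]
    return {
        "ProductName": [_eq("GuardDuty")],
        "RecordState": [_eq("ACTIVE")],  # drop archived findings
        "WorkflowStatus": [_eq("NEW"), _eq("NOTIFIED")],  # drop resolved/suppressed
        "SeverityLabel": [_eq(label) for label in wanted],
    }

def fetch_findings(filters, region=None):
    """Page through GetFindings (needs boto3, credentials, securityhub:GetFindings)."""
    import boto3  # lazy import so the offline part below runs without it
    client = boto3.client("securityhub", region_name=region)
    for page in client.get_paginator("get_findings").paginate(Filters=filters):
        yield from page["Findings"]

def matches(finding, filters):
    """Apply the filters locally: values within a field are OR-ed, fields AND-ed."""
    actual = {
        "ProductName": finding.get("ProductName"),
        "RecordState": finding.get("RecordState"),
        "WorkflowStatus": finding.get("Workflow", {}).get("Status"),
        "SeverityLabel": finding.get("Severity", {}).get("Label"),
    }
    return all(actual[f] in {c["Value"] for c in conds} for f, conds in filters.items())

def prioritize(findings, filters):
    """Return (severity, title, account) for matching findings, most severe first."""
    hits = [f for f in findings if matches(f, filters)]
    hits.sort(key=lambda f: SEVERITY_ORDER.index(f["Severity"]["Label"]))
    return [(f["Severity"]["Label"], f["Title"], f["AwsAccountId"]) for f in hits]

SAMPLE = [  # constructed ASFF-shaped findings, not real data
    {"ProductName": p, "RecordState": r, "Workflow": {"Status": w},
     "Severity": {"Label": s}, "Title": t, "AwsAccountId": "111122223333"}
    for p, r, w, s, t in [
        ("GuardDuty", "ACTIVE", "NEW", "HIGH", "SSH brute force against instance"),
        ("GuardDuty", "ACTIVE", "NEW", "LOW", "Port probe on unprotected port"),
        ("Security Hub", "ACTIVE", "NEW", "CRITICAL", "Root account has no MFA"),
        ("GuardDuty", "ARCHIVED", "NEW", "CRITICAL", "Archived credential exfiltration"),
        ("GuardDuty", "ACTIVE", "NOTIFIED", "CRITICAL", "Instance queried C2 domain"),
    ]
]
```

Against a live account, `prioritize(fetch_findings(guardduty_filters()), guardduty_filters())` returns the same ranked tuples; run it from the delegated administrator account to cover findings aggregated from member accounts.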
One of the key advantages of using Security Hub is Remediation. You will find the details of a finding, along with its Remediation, by clicking the title of the finding.
You just need to click the link and follow the procedure to address the finding.
Integrations: You can integrate other services with Security Hub.
You can integrate with services such as AWS Chatbot, Slack, Detective, Audit Manager, GuardDuty, Health, IAA, Inspector, and Macie.
Follow this to Enable Chatbot for slack notification from
Settings: You can Auto-enable from here:
In the General tab, you can remove and add a Delegated Administrator and also disable Security Hub.
You cannot disable Security Hub in the following cases:
- Your account is the designated Security Hub administrator account for an organization.
- Your account is a Security Hub administrator account by invitation, and you have member accounts that are enabled. Before you can disable Security Hub, you must disassociate all of your member accounts.
- Your account is a member account. Before you can disable Security Hub, your account must be disassociated from your administrator account. For an organization account, only the administrator account can disassociate member accounts.
After 90 days, your existing findings and insights and any Security Hub configuration settings are deleted and cannot be recovered.
Any enabled standards are disabled.
Security Hub is a great tool that helps you maintain your security standards. You can integrate Security Hub with other AWS services to get a centralized view of findings about your security threats.
To learn more, read the AWS Security Hub documentation.
Thanks for reading! Happy Cloud Computing!