What should be in your AWS Security Account? (Part 2)

This article will be a brief intro to AWS Security Hub.

What is it?

AWS Security Hub is a comprehensive security service that provides centralised visibility (as a dashboard) into your AWS security and helps you identify and remediate security issues across all of your AWS accounts.

What is included?

You'll see information from the following services:

• Macie
• GuardDuty
• Inspector
• Config
• IAM Access Analyser
• Systems Manager
• AWS Health
• AWS Firewall Manager

For Security Hub to work you must enable AWS Config.

You can generate EventBridge actions based on the findings in your dashboard and also investigate the findings via Inspector.

Pricing

Security Checks:

Ingestion:

Finding ingestions include both new findings and updates to existing findings.

You are not charged for finding ingestion events associated with Security Hub security checks.?

Automation Rules:

Security Hub automation rules allow you to automatically update or suppress findings in near-real time. You can automatically update various fields in findings, suppress findings, update finding severity and workflow status, add notes, and more. You can set criteria such as finding title or severity to make sure rules act only on relevant findings. This feature is priced by the quantity of automation rule evaluations per month.

To get started you need to set which set of standard rules you want the checks to adhere to. Select as many options as are appropriate to your business:

• AWS Foundational Best Practices
• CIS AWS Foundation Benchmark
• PCI DSS