Posted On: Feb 5, 2020

AWS Security Hub today released updates and additions to AWS Security Finding Format (ASFF) that enable integrated Security Hub partners to send richer, more detailed findings to Security Hub.  

The ASFF now supports new resource types. For the following new resource types, we also added an accompanying resource details object containing fields for security finding providers to populate: AwsCodeBuildProject, AwsEc2NetworkInterface, AwsEc2SecurityGroup, AwsElasticsearchDomain, AwsLambdaLayerVersion, AwsRdsDbInstance, and AwsWafWebAcl. These new resource types do not yet have details objects: AutoscalingAutoscalingGroup, AwsDynamoDbTable, AwsEc2Eip, AwsEc2Snapshot, AwsEc2Volume, AwsRdsDbSnapshot, AwsRedshiftCluster, and AwsS3Object. We also increased the limit on the number of allowed resources per finding from 10 to 32. Finally, we added a new field, Compliance.RelatedRequirements, which lists the related regulatory controls for compliance-related findings.  

Available globally, AWS Security Hub gives you a comprehensive view of your high priority security alerts and compliance status across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions. You can also continuously monitor your environment using automated compliance checks based on the AWS best practices and industry standards, such as the CIS AWS Foundations Benchmark. You can also take action on these security and compliance findings by using Amazon CloudWatch Event rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), and incident management tools or to custom remediation playbooks. 

You can enable your 30-day free trial of AWS Security Hub with a single-click in the AWS Management console. Please see the AWS Regions page for all the regions where AWS Security Hub is available. To learn more about AWS Security Hub capabilities, see the AWS Security Hub documentation, and to start your 30-day free trial see the AWS Security Hub free trial page.