AWS Security Hub adds new fields and resources to the AWS Security Finding Format

Posted on: Mar 13, 2020

AWS Security Hub today released updates and additions to the AWS Security Finding Format (ASFF) that enable integrated Security Hub partners to send richer, more detailed findings to Security Hub.

We have added a new Severity.Label field that is intended to replace the Severity.Normalized field. Severity.Label allows the values informational, low, medium, high, and critical, and each finding provider selects the appropriate value for its finding. If a finding is missing the Severity.Label field, Security Hub automatically populates it based on the existing Severity.Normalized field.

We are also updating how we track the status of the investigation into a finding. The existing WorkflowState field is deprecated. We have added a new Workflow object to contain information about the investigation workflow. It currently contains a single field, Status, which replaces the deprecated WorkflowState.

Next, we have added new fields to the AwsS3Bucket resource details and added a new AwsS3Object resource type with a corresponding details object.

Finally, we added the following new resource types. These resource types do not yet have a corresponding details object: AwsApiGatewayMethod, AwsApiGatewayRestApi, AwsAppStreamFleet, AwsCertificateManagerCertificate, AwsCloudFormationStack, AwsCloudWatchAlarm, AwsCodeCommitRepository, AwsCodeDeployApplication, AwsCodeDeployDeploymentGroup, AwsCodePipelinePipeline, AwsCognitoIdentityPool, AwsCognitoUserPool, AwsEcsService, AwsEcsTaskDefinition, AwsEfsFileSystem, AwsEksCluster, AwsElastiCacheCacheCluster, AwsElbLoadBalancer, AwsEmrCluster, AwsKinesisStream, and AwsLogsLogGroup.
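The following is an added example (not AWS code) of how a finding producer or a pre-ingestion pipeline can apply the two field migrations above: fill Severity.Label when a finding only carries Severity.Normalized, and flag the deprecated WorkflowState in favour of Workflow.Status. The Normalized-to-Label thresholds and the assumption that NEW and RESOLVED are valid for both WorkflowState and Workflow.Status come from the ASFF documentation as I recall it, not from this announcement; verify them against the current ASFF reference before relying on them.

```python
"""Apply the March 2020 ASFF field changes to a finding (added example)."""
import copy

# Assumed Severity.Normalized ranges for each Severity.Label value
# (inclusive bounds); check against the current ASFF documentation.
SEVERITY_BANDS = [
    (0, 0, "INFORMATIONAL"),
    (1, 39, "LOW"),
    (40, 69, "MEDIUM"),
    (70, 89, "HIGH"),
    (90, 100, "CRITICAL"),
]

# States assumed to be valid in both the deprecated WorkflowState field
# and the new Workflow.Status field; anything else needs a manual decision.
SHARED_WORKFLOW_STATES = {"NEW", "RESOLVED"}


def label_from_normalized(normalized):
    """Return the Severity.Label band for a 0-100 Severity.Normalized score."""
    for low, high, label in SEVERITY_BANDS:
        if low <= normalized <= high:
            return label
    raise ValueError(f"Severity.Normalized out of range: {normalized!r}")


def normalize_finding(finding):
    """Return (updated_finding, warnings) without mutating the input."""
    f = copy.deepcopy(finding)
    warnings = []
    sev = f.setdefault("Severity", {})
    if "Label" not in sev:
        if "Normalized" not in sev:
            raise ValueError("finding has neither Severity.Label nor Severity.Normalized")
        sev["Label"] = label_from_normalized(sev["Normalized"])
        warnings.append("Severity.Label derived from Severity.Normalized; emit Label directly")
    if "WorkflowState" in f:
        warnings.append("WorkflowState is deprecated; use Workflow.Status")
        state = f["WorkflowState"]
        if "Status" not in f.get("Workflow", {}) and state in SHARED_WORKFLOW_STATES:
            f.setdefault("Workflow", {})["Status"] = state
    return f, warnings


# Constructed sample finding that still uses the pre-March-2020 fields.
SAMPLE_FINDING = {"Id": "example-finding-1", "Severity": {"Normalized": 75}, "WorkflowState": "NEW"}

if __name__ == "__main__":
    updated, notes = normalize_finding(SAMPLE_FINDING)
    print(updated, notes)
```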

Available globally, AWS Security Hub gives you a comprehensive view of your high-priority security alerts and security status across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, AWS IAM Access Analyzer, AWS Firewall Manager, and Amazon Macie, as well as from AWS Partner solutions. You can also continuously monitor your environment using automated security checks based on AWS best practices and industry standards, such as the CIS AWS Foundations Benchmark and the Payment Card Industry Data Security Standard. You can also take action on these security findings by investigating them in Amazon Detective or by using Amazon CloudWatch Events rules to send the findings to ticketing tools, chat systems, Security Information and Event Management (SIEM) solutions, incident management platforms, and AWS remediation playbooks.

You can enable your 30-day free trial of AWS Security Hub with a single click in the AWS Management Console. Please see the AWS Regions page for all the regions where AWS Security Hub is available. To learn more about AWS Security Hub capabilities, see the AWS Security Hub documentation, and to start your 30-day free trial, see the AWS Security Hub free trial page.