Posted On: Mar 25, 2021

AWS Security Hub is now integrated with Amazon Macie to automatically ingest sensitive data findings from Macie. Security Hub previously ingested policy findings from Macie, and this integration adds sensitive data findings. All of Security Hub’s findings are automatically normalized using the AWS Security Finding Format (ASFF), enabling you to more easily search, correlate, and operationalize them. To get started, visit the Settings page in the Macie console and select Security Hub as a publish destination for sensitive data findings. You can also learn more about how to discover sensitive data in the Macie documentation.

Within Security Hub, you can search for which Amazon S3 buckets have policy violations via findings from Macie, threat detections via findings from Amazon GuardDuty, or misconfigurations via findings from Security Hub’s automated security checks. You can now also see if those S3 buckets have sensitive data in them via Macie’s sensitive data findings, which helps you further prioritize these findings for action. All findings in Security Hub, including Macie’s sensitive data findings, are also automatically sent to Amazon EventBridge. Since all Security Hub findings use ASFF as a common data schema, you can more simply build EventBridge rules that leverage this common schema to route findings to response and remediation tools and workflows.
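The paragraph above makes two practical points: because every Security Hub finding shares the ASFF schema, you can correlate findings about the same S3 bucket from different producers, and you can write EventBridge rules against that schema. The following Python is an added example, not code from AWS or from this announcement. It builds constructed ASFF-shaped findings (only the fields the logic needs, with made-up bucket ARNs), ranks buckets so that exposure findings coinciding with Macie sensitive data findings come first, and evaluates an EventBridge-style event pattern for Security Hub imported findings. The `source` and `detail-type` values are the ones Security Hub uses when forwarding findings to EventBridge; the matcher itself implements only a subset of EventBridge pattern semantics (exact match and `prefix`) for illustration.

```python
"""Added example, not part of the AWS announcement: correlate ASFF findings by
S3 bucket so exposure (misconfiguration, policy, threat) coinciding with Macie
sensitive data is ranked first, and evaluate an EventBridge event pattern for
Security Hub findings. All findings below are constructed samples."""
from collections import defaultdict

BUCKET_A = "arn:aws:s3:::example-bucket-a"  # constructed bucket ARN
BUCKET_B = "arn:aws:s3:::example-bucket-b"  # constructed bucket ARN


def asff(product, types, label, bucket_arn):
    """Build a constructed ASFF-shaped finding with only the fields used here."""
    return {
        "ProductArn": f"arn:aws:securityhub:us-east-1::product/aws/{product}",
        "Types": types,  # ASFF Types namespace/category strings
        "Severity": {"Label": label},
        "Resources": [{"Type": "AwsS3Bucket", "Id": bucket_arn}],
    }


# Constructed findings: a Security Hub check, a Macie sensitive data finding
# (both on bucket A) and a GuardDuty threat finding (bucket B only).
SAMPLE_FINDINGS = [
    asff("securityhub", ["Software and Configuration Checks/Industry and Regulatory Standards"], "MEDIUM", BUCKET_A),
    asff("macie", ["Sensitive Data Identifications/PII"], "HIGH", BUCKET_A),
    asff("guardduty", ["TTPs/Discovery"], "MEDIUM", BUCKET_B),
]


def finding_category(finding):
    """Classify a finding by its ASFF Types namespace and producing product."""
    product = finding["ProductArn"].rsplit("/", 1)[-1]
    types = finding.get("Types", [])
    if any(t.startswith("Sensitive Data Identifications") for t in types):
        return "sensitive_data"
    if any(t.startswith("TTPs") for t in types):
        return "threat"
    if product == "macie":
        return "policy"  # Macie's non-sensitive-data findings are policy findings
    if any(t.startswith("Software and Configuration Checks") for t in types):
        return "misconfiguration"
    return "other"


def correlate_by_bucket(findings):
    """Group findings by S3 bucket ARN, then by category."""
    by_bucket = defaultdict(lambda: defaultdict(list))
    for finding in findings:
        for resource in finding.get("Resources", []):
            if resource.get("Type") == "AwsS3Bucket":
                by_bucket[resource["Id"]][finding_category(finding)].append(finding)
    return by_bucket


def prioritize(findings):
    """Return [(bucket_arn, priority)], CRITICAL first: a bucket with both an
    exposure finding and a sensitive data finding outranks one with either alone."""
    order = {"CRITICAL": 0, "REVIEW": 1, "INFO": 2}
    ranked = []
    for bucket, cats in correlate_by_bucket(findings).items():
        exposure = sum(len(cats[c]) for c in ("misconfiguration", "policy", "threat"))
        sensitive = len(cats["sensitive_data"])
        if exposure and sensitive:
            priority = "CRITICAL"
        elif exposure or sensitive:
            priority = "REVIEW"
        else:
            priority = "INFO"
        ranked.append((bucket, priority))
    return sorted(ranked, key=lambda item: (order[item[1]], item[0]))


# EventBridge event pattern for Security Hub imported findings whose ASFF Types
# start with the Macie sensitive data namespace. "prefix" is a documented
# EventBridge content filter.
MACIE_SENSITIVE_DATA_RULE = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {"Types": [{"prefix": "Sensitive Data Identifications"}]}},
}


def _leaf_matches(value, alternatives):
    """A leaf matches if any event value equals a listed string or satisfies a
    {"prefix": ...} filter; list-valued fields match if any element does."""
    candidates = value if isinstance(value, list) else [value]
    for alt in alternatives:
        for candidate in candidates:
            if isinstance(alt, dict) and "prefix" in alt:
                if isinstance(candidate, str) and candidate.startswith(alt["prefix"]):
                    return True
            elif candidate == alt:
                return True
    return False


def event_matches(event, pattern):
    """Subset of EventBridge matching: every pattern key must be present; nested
    objects recurse, and arrays of objects match if any element matches."""
    for key, sub in pattern.items():
        if key not in event:
            return False
        value = event[key]
        if isinstance(sub, list):
            if not _leaf_matches(value, sub):
                return False
        else:
            items = value if isinstance(value, list) else [value]
            if not any(isinstance(i, dict) and event_matches(i, sub) for i in items):
                return False
    return True


def sample_event(finding):
    """Wrap a finding the way Security Hub delivers it to EventBridge (constructed)."""
    return {"source": "aws.securityhub", "detail-type": "Security Hub Findings - Imported",
            "detail": {"findings": [finding]}}


if __name__ == "__main__":
    for bucket, priority in prioritize(SAMPLE_FINDINGS):
        print(f"{priority:8} {bucket}")
    print(event_matches(sample_event(SAMPLE_FINDINGS[1]), MACIE_SENSITIVE_DATA_RULE))
```

Bucket A carries both a configuration check and a sensitive data finding and so is ranked CRITICAL, while bucket B, with only a threat finding, is marked for review; the same rule object, serialized as JSON, is the shape you would attach to an EventBridge rule targeting a remediation workflow.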

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. Getting started with Amazon Macie is fast and easy with one click in the AWS Management Console or a single API call, including multi-account support using AWS Organizations to allow for enablement across all AWS accounts in an organization with a few clicks. The service maintains a large and growing list of managed sensitive data types, including personally identifiable information (PII) such as names, addresses, credit card numbers, and country identification numbers, and it also supports the creation of custom sensitive data types that can be used to detect sensitive data that may be unique to a given business or use case.

AWS Security Hub is available globally and is designed to give you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS Systems Manager Patch Manager, AWS Chatbot, AWS Config, AWS IAM Access Analyzer, as well as from over 50 APN solutions. You can also continuously monitor your environment using automated security checks based on standards, such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. You can also take action on these findings by investigating findings in Amazon Detective or sending them to AWS Audit Manager. You can also use Amazon EventBridge rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), response and remediation workflows, and incident management tools.  

You can enable your 30-day free trial of AWS Security Hub with a single click in the AWS Management Console. To learn more about AWS Security Hub capabilities, see the AWS Security Hub documentation, and to start your 30-day free trial see the AWS Security Hub free trial page. Amazon Macie also comes with a 30-day free trial for S3 bucket-level inventory and evaluation of access control and encryption. Sensitive data discovery is free for the first 1 GB per account per region each month, with additional scanning charges according to the Amazon Macie pricing plan. To learn more, see the Amazon Macie documentation page.