Posted On: Jan 20, 2022
AWS Security Hub is now integrated with AWS Health and automatically receives security-related findings from AWS Health to provide you with a more complete view of your AWS security posture. AWS Health delivers alerts about your resource performance and the availability of your AWS services and accounts. AWS Health alerts also cover some security topics, and those security-related alerts are now sent to Security Hub. Examples of security-related alerts from AWS Health include alerts about compromised AWS access keys, security alerts about an AWS service (e.g., an older version of an Amazon RDS database instance that needs to be upgraded due to a known vulnerability), or alerts about operational issues associated with an AWS security service (e.g., a regional outage).
These Health findings are automatically sent to Security Hub without any configuration needed and are available in Security Hub’s AWS Security Finding Format alongside findings from its other integrations. The AWS Health integration brings the total number of integrations available in Security Hub to 74, including 12 AWS services.
AWS Security Hub is available globally and is designed to give you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS Systems Manager Patch Manager, AWS Config, AWS IAM Access Analyzer, AWS Health, as well as from over 60 AWS Partner Network (APN) solutions. You can also continuously monitor your environment using automated security checks based on standards, such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. In addition, you can take action on these findings by investigating findings in Amazon Detective or AWS Systems Manager OpsCenter or by sending them to AWS Audit Manager or AWS Chatbot. You can also use Amazon EventBridge rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), response and remediation workflows, and incident management tools.