Posted On: Apr 1, 2022
AWS Security Hub now supports specifying company and product names for custom integrations, so that you can better search, aggregate, and take action on findings from custom integrations. Security Hub has 75 official integrations, but it also enables you to ingest findings from custom integrations that you build. Previously, the company and product name for these custom integrations were set to personal and default, respectively, and you could not change them. Now, you can specify the company and product names using Security Hub’s BatchImportFindings API, and you can see the new company and product names reflected in the Security Hub console and in the JSON of each finding. You can use the customized company and product names to search findings, create insights, and you can build automated response and remediation workflows that trigger on them.
Security Hub is available globally and is designed to give you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS Systems Manager Patch Manager, AWS Config, AWS Health, AWS IAM Access Analyzer, as well as from over 60 AWS Partner Network (APN) solutions. You can also continuously monitor your environment using automated security checks based on standards, such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. In addition, you can take action on these findings by investigating findings in Amazon Detective or AWS Systems Manager OpsCenter or by sending them to AWS Audit Manager or AWS Chatbot. You can also use Amazon EventBridge rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), response and remediation workflows, and incident management tools.