Posted On: Aug 2, 2022
AWS Security Hub now allows you to designate an aggregation Region in AWS GovCloud (US) and link some or all regions to that aggregation region. This gives you a centralized view of all your security findings across your accounts and linked regions. After you link a region to the aggregation region, your findings are continuously synchronized between the regions. Any update to a finding in a linked region is replicated to the aggregation region, and any update to a finding in the aggregation region is replicated to the linked region where the finding originated.
Previously, you needed to have a separate Security Hub tab open for each AWS GovCloud (US) Region. Now, your Security Hub administrator or delegated administrator account can view and manage all of your findings in the aggregation region. Individual Security Hub member accounts in the aggregation region can also view and manage all of their findings across all linked regions.
Your Amazon EventBridge feed in your administrator account and aggregation region also now includes all of your findings across all member accounts and linked regions. This allows you to simplify integrations with ticketing, chat, incident management, logging, and auto-remediation tools by consolidating those integrations into your aggregation region. There is no additional cost to use this feature.
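The two operations the announcement describes, designating an aggregation Region with linked Regions and consuming the consolidated finding feed through EventBridge, map to the Security Hub `CreateFindingAggregator` API and an EventBridge rule created in the aggregation Region. The script below is an added example, not code from AWS or from this announcement; it assumes boto3 is installed, that the credentials belong to the Security Hub administrator (or delegated administrator) account, and it uses `us-gov-west-1` as the aggregation Region and `securityhub-high-findings` as the rule name purely as illustrative choices. The request-building and event-pattern helpers are pure so they can be checked offline before any API call is made.

```python
"""Security Hub cross-Region aggregation in AWS GovCloud (US), plus a
consolidated EventBridge rule in the aggregation Region.

Added example, not from the AWS announcement. Region names, the rule name
and the IAM context are assumptions.
"""
import json

# The two AWS GovCloud (US) Regions (known values, not taken from the page).
GOVCLOUD_REGIONS = ("us-gov-west-1", "us-gov-east-1")

# RegionLinkingMode values accepted by CreateFindingAggregator.
LINKING_MODES = ("ALL_REGIONS", "ALL_REGIONS_EXCEPT_SPECIFIED", "SPECIFIED_REGIONS")


def build_aggregator_request(linking_mode, regions=None):
    """Return CreateFindingAggregator parameters, validating the mode/Regions
    combination locally so a mis-specified call fails before reaching the API."""
    if linking_mode not in LINKING_MODES:
        raise ValueError(f"unknown RegionLinkingMode {linking_mode!r}")
    if linking_mode == "ALL_REGIONS":
        # ALL_REGIONS links every Region; an explicit list is not accepted.
        if regions:
            raise ValueError("ALL_REGIONS does not take a Regions list")
        return {"RegionLinkingMode": linking_mode}
    if not regions:
        raise ValueError(f"{linking_mode} requires a non-empty Regions list")
    unknown = sorted(set(regions) - set(GOVCLOUD_REGIONS))
    if unknown:
        # A commercial-partition Region cannot be linked from GovCloud.
        raise ValueError(f"not AWS GovCloud (US) Regions: {unknown}")
    return {"RegionLinkingMode": linking_mode, "Regions": list(regions)}


def build_finding_event_pattern(min_severity="HIGH"):
    """EventBridge pattern for active Security Hub findings at or above a
    severity label. Applied in the aggregation Region it also matches findings
    replicated from linked Regions and member accounts."""
    order = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]
    if min_severity not in order:
        raise ValueError(f"unknown severity label {min_severity!r}")
    labels = order[order.index(min_severity):]
    return {
        "source": ["aws.securityhub"],
        "detail-type": ["Security Hub Findings - Imported"],
        # 'findings' is an array in the event; EventBridge matches any element.
        "detail": {"findings": {"Severity": {"Label": labels},
                                "RecordState": ["ACTIVE"]}},
    }


def configure_aggregation(aggregation_region, linking_mode, regions=None,
                          rule_name="securityhub-high-findings"):
    """Create the finding aggregator in the aggregation Region (or reuse the
    existing one, since an account may have only one) and put an EventBridge
    rule there. boto3 is imported lazily so the helpers above run offline."""
    import boto3  # assumption: boto3 installed and administrator credentials present

    hub = boto3.client("securityhub", region_name=aggregation_region)
    existing = hub.list_finding_aggregators().get("FindingAggregators", [])
    if existing:
        arn = existing[0]["FindingAggregatorArn"]
        aggregator = hub.get_finding_aggregator(FindingAggregatorArn=arn)
    else:
        aggregator = hub.create_finding_aggregator(
            **build_aggregator_request(linking_mode, regions))

    events = boto3.client("events", region_name=aggregation_region)
    events.put_rule(Name=rule_name, State="ENABLED",
                    EventPattern=json.dumps(build_finding_event_pattern()))
    return {k: aggregator.get(k) for k in
            ("FindingAggregatorArn", "FindingAggregationRegion",
             "RegionLinkingMode", "Regions")}


if __name__ == "__main__":
    # Assumed aggregation Region; link every other Region to it.
    print(json.dumps(configure_aggregation("us-gov-west-1", "ALL_REGIONS"), indent=2))
```

The rule only has a pattern here; attaching a target (a queue, a Lambda function, or a partner SIEM destination) is the step that carries the consolidated feed into the ticketing or remediation tool, and because the rule lives in the aggregation Region that integration needs to exist only once rather than per Region.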
Security Hub is available globally and is designed to give you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS Systems Manager Patch Manager, AWS Config, AWS Health, AWS IAM Access Analyzer, as well as from over 65 AWS Partner Network (APN) solutions. You can also continuously monitor your environment using automated security checks based on standards, such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. In addition, you can take action on these findings by investigating findings in Amazon Detective or AWS Systems Manager OpsCenter or by sending them to AWS Audit Manager or AWS Chatbot. You can also use Amazon EventBridge rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), response and remediation workflows, and incident management tools.