AWS Security Blog

Category: AWS Security Hub

Best practices for cross-Region aggregation of security findings

AWS Security Hub enables customers to have a centralized view into the security posture across their AWS environment by aggregating your security alerts from various AWS services and partner products in a standardized format so that you can more easily take action on them. To facilitate that central view, Security Hub allows you to designate […]

Read More

Using AWS security services to protect against, detect, and respond to the Log4j vulnerability

Overview In this post we will provide guidance to help customers who are responding to the recently disclosed log4j vulnerability. This covers what you can do to limit the risk of the vulnerability, how you can try to identify if you are susceptible to the issue, and then what you can do to update your […]

Read More
Figure 2: Amazon EC2 Instance role assumes cross account IAM role

Disabling Security Hub controls in a multi-account environment

In this blog post, you’ll learn about an automated process for disabling or enabling selected AWS Security Hub controls across multiple accounts and multiple regions. You may already know how to disable Security Hub controls through the Security Hub console, or using the Security Hub update-standards-control API. However, these methods work on a per account […]

Read More

Automatically resolve Security Hub findings for resources that no longer exist

In this post, you’ll learn how to automatically resolve AWS Security Hub findings for previously deleted Amazon Web Services (AWS) resources. By using an event-driven solution, you can automatically resolve findings for AWS and third-party service integrations. Security Hub provides a comprehensive view of your security alerts and security posture across your AWS accounts. Security […]

Read More

Correlate security findings with AWS Security Hub and Amazon EventBridge

In this blog post, we’ll walk you through deploying a solution to correlate specific AWS Security Hub findings from multiple AWS services that are related to a single AWS resource, which indicates an increased possibility that a security incident has happened. AWS Security Hub ingests findings from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, […]

Read More

How to set up a two-way integration between AWS Security Hub and Jira Service Management

If you use both AWS Security Hub and Jira Service Management, you can use the new AWS Service Management Connector for Jira Service Management to create an automated, bidirectional integration between these two products that keeps your Security Hub findings and Jira issues in sync. In this blog post, I’ll show you how to set up this integration. […]

Read More

Enable Security Hub PCI DSS standard across your organization and disable specific controls

At this time, enabling the PCI DSS standard from within AWS Security Hub enables this compliance framework only within the Amazon Web Services (AWS) account you are presently administering. This blog post showcases a solution that can be used to customize the configuration and deployment of the PCI DSS standard compliance standard using AWS Security […]

Read More

How to automate forensic disk collection in AWS

In this blog post you’ll learn about a hands-on solution you can use for automated disk collection across multiple AWS accounts. This solution will help your incident response team set up an automation workflow to capture the disk evidence they need to analyze to determine scope and impact of potential security incidents. This post includes […]

Read More

How to create auto-suppression rules in AWS Security Hub

July 13, 2021: We’ve updated this post to clarify how SecurityHub and EventBridge rules exchange data between management and member accounts. AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. With Security Hub, you have a single place that aggregates, organizes, and prioritizes your security […]

Read More

How to import AWS IoT Device Defender audit findings into Security Hub

AWS Security Hub provides a comprehensive view of the security alerts and security posture in your accounts. In this blog post, we show how you can import AWS IoT Device Defender audit findings into Security Hub. You can then view and organize Internet of Things (IoT) security findings in Security Hub together with findings from […]

Read More