AWS Security Blog
Tag: AWS Security Hub
Automatically block suspicious DNS activity with Amazon GuardDuty and Route 53 Resolver DNS Firewall
In this blog post, we’ll show you how to use Amazon Route 53 Resolver DNS Firewall to automatically respond to suspicious DNS queries that are detected by Amazon GuardDuty within your Amazon Web Services (AWS) environment. The Security Pillar of the AWS Well-Architected Framework includes incident response, stating that your organization should implement mechanisms to […]
Correlate IAM Access Analyzer findings with Amazon Macie
In this blog post, you’ll learn how to detect when unintended access has been granted to sensitive data in Amazon Simple Storage Service (Amazon S3) buckets in your Amazon Web Services (AWS) accounts. It’s critical for your enterprise to understand where sensitive data is stored in your organization and how and why it is shared. […]
AWS Security Profile: Ely Kahn, Principal Product Manager for AWS Security Hub
In the AWS Security Profile series, I interview some of the humans who work in Amazon Web Services Security and help keep our customers safe and secure. This interview is with Ely Kahn, principal product manager for AWS Security Hub. Security Hub is a cloud security posture management service that performs security best practice checks, […]
How to use AWS Security Hub and Amazon OpenSearch Service for SIEM
April 25, 2023: We’ve updated this blog post to include more security learning resources. AWS Security Hub provides you with a consolidated view of your security posture in Amazon Web Services (AWS) and helps you check your environment against security standards and current AWS security recommendations. Although Security Hub has some similarities to security information […]
Top 2021 AWS Security service launches security professionals should review – Part 1
Given the speed of Amazon Web Services (AWS) innovation, it can sometimes be challenging to keep up with AWS Security service and feature launches. To help you stay current, here’s an overview of some of the most important 2021 AWS Security launches that security professionals should be aware of. This is the first of two […]
How to build a multi-Region AWS Security Hub analytic pipeline and visualize Security Hub data
AWS Security Hub is a service that gives you aggregated visibility into your security and compliance posture across multiple Amazon Web Services (AWS) accounts. By joining Security Hub with Amazon QuickSight—a scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud—your senior leaders and decision-makers can use dashboards to empower data-driven decisions […]
How to enrich AWS Security Hub findings with account metadata
In this blog post, we’ll walk you through how to deploy a solution to enrich AWS Security Hub findings with additional account-related metadata, such as the account name, the Organization Unit (OU) associated with the account, security contact information, and account tags. Account metadata can help you search findings, create insights, and better respond to […]
Using AWS security services to protect against, detect, and respond to the Log4j vulnerability
April 21, 2022: The blog post has been updated to include information on the updated version of the hotpatch. See this security advisory for more details. Overview In this post we will provide guidance to help customers who are responding to the recently disclosed log4j vulnerability. This covers what you can do to limit the […]
Disabling Security Hub controls in a multi-account environment
February 28, 2024: Security Hub now supports central configuration for security standards and controls across accounts. This new feature addresses many of the scenarios that are covered by the scripts in this blog post, reducing or eliminating the need to run these scripts. Before you use the scripts in this post, see Central configuration in […]
Automatically resolve Security Hub findings for resources that no longer exist
In this post, you’ll learn how to automatically resolve AWS Security Hub findings for previously deleted Amazon Web Services (AWS) resources. By using an event-driven solution, you can automatically resolve findings for AWS and third-party service integrations. Security Hub provides a comprehensive view of your security alerts and security posture across your AWS accounts. Security […]