Consolidated findings across AWS services and partner integrations
AWS Security Hub collects and consolidates findings from AWS security services enabled in your environment, such as intrusion detection findings from Amazon GuardDuty, vulnerability scans from Amazon Inspector, S3 bucket policy findings from Amazon Macie, publicly accessible and cross-account resources from IAM Access Analyzer, and resources lacking WAF coverage from AWS Firewall Manager. AWS Security Hub also consolidates findings from integrated AWS Partner Network (APN) security solutions. All findings are stored for at least 90 days within AWS Security Hub.
Automated, continuous compliance checks
Automate continuous account-level and resource-level configuration and compliance checks using industry standards and best practices. For example, AWS Security Hub automates the Center for Internet Security (CIS) AWS Foundations Benchmark, a set of security configuration best practices for AWS. If any of your accounts or resources deviate from a best practice, AWS Security Hub flags the problem and recommends remediation steps.
Seamless integration through a standardized findings format
Security findings from AWS services such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie are collected in Security Hub using a standardized AWS Security Findings Format. Partner integrations such as Check Point, CrowdStrike, Palo Alto Networks, Qualys, Symantec, and others use the same standardized findings format, eliminating time-consuming data parsing and normalization tasks. Now you can focus on prioritizing and acting on these consolidated findings.
Custom response and remediation actions
AWS Security Hub integrates with Amazon CloudWatch Events, enabling you to create custom response and remediation workflows. You can easily send findings to SIEMs, chat tools, ticketing systems, Security Orchestration, Automation, and Response (SOAR) tools, and on-call management platforms. You can also use AWS Systems Manager Automation documents, AWS Step Functions, and AWS Lambda functions to build automated remediation workflows that can be initiated from Security Hub.
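The following is an added example, not AWS's own code: a Python routine of the kind a Lambda function could run to triage findings that arrive in one CloudWatch Events message. The field names follow the AWS Security Finding Format; the sample event, the function names, and the paging threshold are constructed for illustration.

```python
# Added example: triage Security Hub findings delivered in one CloudWatch Events message.
# The sample event and the HIGH paging threshold are constructed assumptions.
SEVERITY_ORDER = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

def severity_label(finding):
    """Return the severity label, deriving it from Severity.Normalized (0-100) if absent."""
    sev = finding.get("Severity", {})
    if sev.get("Label") in SEVERITY_ORDER:
        return sev["Label"]
    score = sev.get("Normalized", 0)
    for floor, label in ((90, "CRITICAL"), (70, "HIGH"), (40, "MEDIUM"), (1, "LOW")):
        if score >= floor:
            return label
    return "INFORMATIONAL"

def route(event, page_at="HIGH"):
    """Split the active findings in an event into 'page' and 'ticket' queues."""
    if event.get("source") != "aws.securityhub":
        raise ValueError("not a Security Hub event")
    threshold = SEVERITY_ORDER.index(page_at)
    routed = {"page": [], "ticket": []}
    for f in event.get("detail", {}).get("findings", []):
        # Archived, suppressed, or resolved findings need no new response.
        if f.get("RecordState") == "ARCHIVED" or \
                f.get("Workflow", {}).get("Status") in ("SUPPRESSED", "RESOLVED"):
            continue
        label = severity_label(f)
        summary = {"id": f["Id"], "account": f["AwsAccountId"], "severity": label,
                   "title": f["Title"],
                   "resources": [r["Id"] for r in f.get("Resources", [])]}
        queue = "page" if SEVERITY_ORDER.index(label) >= threshold else "ticket"
        routed[queue].append(summary)
    return routed

def _finding(fid, severity, record_state="ACTIVE"):
    """Build a constructed, minimal finding for the sample event."""
    return {"Id": fid, "AwsAccountId": "111122223333", "Title": "Constructed " + fid,
            "Severity": severity, "RecordState": record_state,
            "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}]}

SAMPLE_EVENT = {  # constructed sample, not captured from a real account
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [_finding("finding-1", {"Label": "HIGH"}),
                            _finding("finding-2", {"Normalized": 40}),
                            _finding("finding-3", {"Label": "CRITICAL"}, "ARCHIVED")]},
}

if __name__ == "__main__":
    print(route(SAMPLE_EVENT))
```

Because every integrated product emits the same format, the same routine handles findings from any source without per-product parsing.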
With a few clicks in the AWS Security Hub console, you can connect multiple AWS accounts and consolidate findings across those accounts. By designating a master security account, you can enable your security team to see consolidated findings for all accounts, while individual account owners see only findings associated with their account.
Useful predefined security insights
Security insights are grouped findings that highlight emerging trends or possible issues. For example, insights help to identify EC2 instances that are missing security patches for important vulnerabilities, or S3 buckets with public read or write permissions. AWS Security Hub’s predefined (i.e., managed) insights are designed to quickly flag the resources and accounts of most concern.
Custom insights for your environment
Create and customize your own insights, tailored to your specific security and compliance needs. You can base custom insights on the predefined security insights offered by AWS Security Hub or start from scratch. For example, you can create an insight to identify EC2 instances tagged as “production” that don't meet security standards.
Visual summary dashboard
Monitor your compliance and quickly identify security issues and trends using AWS Security Hub’s summary dashboard. For example, you can drill down into a trendline graph to discover that a set of Amazon EC2 instances with a high number of findings were all created using the same Amazon Machine Image (AMI).
Diverse ecosystem of partner integrations
AWS Security Hub can collect findings from integrated security tools offered by a broad set of AWS Partners, including Alert Logic, Armor, Barracuda, Check Point, CrowdStrike, CyberArk, Demisto, F5 Networks, GuardiCore, IBM, Imperva, McAfee, PagerDuty, Palo Alto Networks, Qualys, Rapid7, Slack, Sophos, Splunk, Sumo Logic, Symantec, Tenable, Turbot, and Twistlock.