Posted On: Oct 20, 2021
AWS Security Hub now allows you to designate an aggregation Region and link some or all Regions to that aggregation Region. This gives you a centralized view of all your findings across all of your accounts and all of your linked Regions. After you link a Region to the aggregation Region, your findings are continuously synchronized between the Regions. Any update to a finding in a linked Region is replicated to the aggregation Region, and any update to a finding in the aggregation Region is replicated to the linked Region where the finding originated. To learn more about this feature, read about it in our documentation or watch the demo video.
Previously, you needed to have a separate Security Hub tab open for each Region. Now, your Security Hub administrator or delegated administrator account can view and manage all of your findings in the aggregation Region. Individual Security Hub member accounts in the aggregation Region can also view and manage all of their findings across all linked Regions.
Your Amazon EventBridge feed in your administrator account and aggregation Region also now includes all of your findings across all member accounts and linked Regions. This allows you to simplify integrations with ticketing, chat, incident management, logging, and auto-remediation tools by consolidating those integrations into your aggregation Region. There is no additional cost to use this feature.
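The following is an added example, not code from the AWS announcement or from AWS itself. It models the two pieces described above locally: which Regions end up linked to the aggregation Region for each of the region-linking modes that `create-finding-aggregator` accepts, and an EventBridge rule pattern for the consolidated finding feed, checked against constructed "Security Hub Findings - Imported" events before the rule is deployed. The Region names, account IDs and events are constructed; the AWS CLI commands shown in the module docstring are the real ones but are not executed here.

```python
"""Added example (not from the AWS announcement): model Security Hub
cross-Region aggregation locally and test an EventBridge rule pattern
against constructed finding events before deploying it.

The real configuration steps are (AWS CLI, run in the intended
aggregation Region; nothing below calls AWS):
  aws securityhub create-finding-aggregator \
      --region-linking-mode ALL_REGIONS_EXCEPT_SPECIFIED --regions ap-south-1
  aws events put-rule --name sechub-high-critical \
      --event-pattern file://pattern.json
"""
import json


def linked_regions(mode, enabled_regions, aggregation_region, specified=()):
    """Return the set of Regions whose findings replicate to the aggregation
    Region, for the three RegionLinkingMode values the aggregator accepts."""
    others = set(enabled_regions) - {aggregation_region}
    if mode == "ALL_REGIONS":
        return others
    if mode == "ALL_REGIONS_EXCEPT_SPECIFIED":
        return others - set(specified)
    if mode == "SPECIFIED_REGIONS":
        return others & set(specified)
    raise ValueError(f"unknown RegionLinkingMode: {mode}")


# EventBridge rule pattern: active HIGH/CRITICAL findings from the aggregated feed.
PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {"Severity": {"Label": ["HIGH", "CRITICAL"]},
                            "RecordState": ["ACTIVE"]}},
}


def matches(pattern, event):
    """Simplified EventBridge matching: every pattern key must exist in the
    event; a leaf list matches when the event value equals one of the listed
    literals; an event array matches when any element matches."""
    if isinstance(pattern, dict):
        if isinstance(event, list):
            return any(matches(pattern, e) for e in event)
        if not isinstance(event, dict):
            return False
        return all(k in event and matches(v, event[k]) for k, v in pattern.items())
    if isinstance(event, list):
        return any(e in pattern for e in event)
    return event in pattern


def finding_event(region, account, label, state="ACTIVE"):
    """Constructed skeleton of a 'Security Hub Findings - Imported' event as
    delivered in the aggregation Region; only the fields the rule needs."""
    return {
        "source": "aws.securityhub",
        "detail-type": "Security Hub Findings - Imported",
        "region": "us-east-1",  # the feed is read in the aggregation Region
        "detail": {"findings": [{
            "AwsAccountId": account,
            "Region": region,  # Region where the finding originated
            "Severity": {"Label": label},
            "RecordState": state,
        }]},
    }


def select(events, pattern, visible_regions):
    """(Region, AccountId, Label) for each finding the rule fires on: the
    event must match the pattern and the finding must originate from a Region
    whose findings reach the aggregation Region."""
    hits = []
    for ev in events:
        if not matches(pattern, ev):
            continue
        for f in ev["detail"]["findings"]:
            if f["Region"] in visible_regions:
                hits.append((f["Region"], f["AwsAccountId"], f["Severity"]["Label"]))
    return hits


# Constructed account layout: four enabled Regions, us-east-1 aggregates,
# ap-south-1 deliberately left unlinked.
ENABLED = ["us-east-1", "us-west-2", "eu-west-1", "ap-south-1"]
AGG = "us-east-1"
LINKED = linked_regions("ALL_REGIONS_EXCEPT_SPECIFIED", ENABLED, AGG, ["ap-south-1"])
VISIBLE = LINKED | {AGG}  # the aggregation Region's own findings are in the feed too

SAMPLE_EVENTS = [  # constructed sample feed
    finding_event("eu-west-1", "111111111111", "CRITICAL"),
    finding_event("us-west-2", "222222222222", "LOW"),               # below severity cut
    finding_event("ap-south-1", "111111111111", "HIGH"),             # Region not linked
    finding_event("us-east-1", "333333333333", "HIGH", "ARCHIVED"),  # not active
    finding_event("us-east-1", "333333333333", "HIGH"),
]


def demo():
    return select(SAMPLE_EVENTS, PATTERN, VISIBLE)


if __name__ == "__main__":
    print(json.dumps(PATTERN, indent=2))  # contents of pattern.json
    for hit in demo():
        print(hit)
```

The finding's own `Region` field, not the event's `region`, tells you where it originated once it is replicated into the aggregation Region; filtering on that is how you confirm an unlinked Region is really absent from the consolidated feed.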
AWS Security Hub is available globally and is designed to give you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS Systems Manager Patch Manager, AWS Chatbot, AWS Config, and AWS IAM Access Analyzer. You can also receive and manage findings from over 60 AWS Partner Network (APN) solutions, and continuously monitor your environment using automated security checks that are based on standards such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard.
You can take action on these findings by investigating findings in Amazon Detective or sending them to AWS Audit Manager. You can also use Amazon EventBridge rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), response and remediation workflows, and incident management tools.