Description:
AWS Security Hub gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts. There is a range of powerful security tools at your disposal, from firewalls and endpoint protection to vulnerability and compliance scanners. But oftentimes this leaves your team switching back-and-forth between these tools to deal with hundreds, and sometimes thousands, of security alerts every day. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions. Your findings are visually summarized on integrated dashboards with actionable graphs and tables. You can also continuously monitor your environment using automated compliance checks based on the AWS best practices and industry standards your organization follows. Get started with AWS Security Hub in just a few clicks in the Management Console and once enabled, Security Hub will begin aggregating and prioritizing findings.
Rationale:
AWS Security Hub provides you with a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices.
Security Hub collects security data from across AWS accounts, services, and supported third-party partner products and helps you analyze your security trends and identify the highest priority security issues.
Impact:
Reduced effort to collect and prioritize findings
Automatic security checks against best practices and standards
Consolidated view of findings across accounts and providers
Ability to automate remediation of findings
Default Value:
By default, Security Hub is disabled.
Pre-requisites:
Sign in as an administrator or as an IAM user with the required permissions
Remediation:
Test Plan:
Log in to the AWS Management Console
Go to the Security Hub service at https://ap-south-1.console.aws.amazon.com/securityhub
If the page shows Go to Security Hub, Security Hub has not been set up yet
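The same check as the Test Plan, done from the CLI and extended to several Regions, since Security Hub is enabled per Region. This is an added example, not part of the original procedure: the function names are illustrative, it assumes the AWS CLI is configured with permission to call securityhub:DescribeHub, and treating InvalidAccessException as "not enabled" is an assumption about the CLI's error output.

```shell
#!/usr/bin/env bash
# Added example: CLI version of the Test Plan, run once per Region.

# Print ENABLED, DISABLED or ERROR for one Region.
# Assumption: where Security Hub is off, describe-hub fails with
# InvalidAccessException ("... is not subscribed to AWS Security Hub").
# Any other failure (credentials, permissions, network) is reported as
# ERROR so it is not mistaken for a real enabled/disabled result.
securityhub_status() {
    local region="$1" err
    # Capture stderr only; the hub ARN on stdout is discarded.
    if err=$(aws securityhub describe-hub --region "$region" \
                 --query HubArn --output text 2>&1 >/dev/null); then
        echo ENABLED
    elif printf '%s' "$err" | grep -q 'InvalidAccessException'; then
        echo DISABLED
    else
        echo ERROR
    fi
}

# Check every Region passed as an argument and print one line per Region.
# Returns 0 only if Security Hub is ENABLED in all of them.
audit_regions() {
    local region status rc=0
    for region in "$@"; do
        status=$(securityhub_status "$region")
        printf '%s\t%s\n' "$region" "$status"
        [ "$status" = ENABLED ] || rc=1
    done
    return "$rc"
}

# Usage: audit_regions ap-south-1 us-east-1
```

A non-zero return from audit_regions means at least one Region is DISABLED or could not be checked, which makes it usable as a scheduled compliance check.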
Implementation Steps:
Log in to the AWS Management Console
Go to the Security Hub service at https://ap-south-1.console.aws.amazon.com/securityhub
Click on Go to Security Hub
Choose the security standards you want, as required by your organization's security policies. You can enable or disable a standard or its individual controls at any time.
Click on Enable Security Hub
Using AWS CLI:
aws securityhub enable-security-hub --enable-default-standards --tags '{"Department": "Security"}'
Note: Use tags as required
Backout plan:
Log in to the AWS Management Console
Go to the Security Hub service at https://ap-south-1.console.aws.amazon.com/securityhub
Click on Settings in the left navigation pane
Select the General tab and at the bottom click on Disable AWS Security Hub
Reference:
What is AWS Security Hub? - AWS Security Hub