Description

AWS Security Hub gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts. There is a range of powerful security tools at your disposal, from firewalls and endpoint protection to vulnerability and compliance scanners. But oftentimes this leaves your team switching back-and-forth between these tools to deal with hundreds, and sometimes thousands, of security alerts every day. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions. Your findings are visually summarized on integrated dashboards with actionable graphs and tables. You can also continuously monitor your environment using automated compliance checks based on the AWS best practices and industry standards your organization follows. Get started with AWS Security Hub in just a few clicks in the Management Console and once enabled, Security Hub will begin aggregating and prioritizing findings.

 

Rationale

AWS Security Hub provides you with a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices.

Security Hub collects security data from across AWS accounts, services, and supported third-party partner products and helps you analyze your security trends and identify the highest priority security issues.

 

Impact:

  • Reduced effort to collect and prioritize findings

  • Automatic security checks against best practices and standards

  • Consolidated view of findings across accounts and providers

  • Ability to automate remediation of findings


Default Value:

By default, Security Hub is disabled.


Pre-requisites:

  • Sign in as an administrator or as an IAM user with the required permissions



Remediation:


Test Plan:

  1. Log in to the AWS Management Console

  2. Go to the Security Hub service at https://ap-south-1.console.aws.amazon.com/securityhub

  3. If the page shows Go to Security Hub, Security Hub has not been set up yet



Implementation Steps:

  1. Log in to the AWS Management Console

  2. Go to the Security Hub service at https://ap-south-1.console.aws.amazon.com/securityhub

  3. Click on Go to Security Hub

  4. Choose the Security Standard you want as per the organization's security policies
    You can enable or disable a standard or its individual controls at any time.

  5. Click on Enable Security Hub



Using AWS CLI:

aws securityhub enable-security-hub --enable-default-standards --tags '{"Department": "Security"}'

Note: Use tags as required
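
The Test Plan above checks one Region in the console; Security Hub is enabled per Region, so the same check can be scripted across several Regions. The script below is an added example, not part of the original page. It assumes AWS CLI credentials permitted to call DescribeHub and EnableSecurityHub, and that a disabled hub is reported with an InvalidAccessException error; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumption: describe-hub fails with InvalidAccessException when Security Hub
# is not enabled in the Region; any other failure is reported as ERROR.

# Print ENABLED, DISABLED or ERROR for one Region.
hub_status() {
    if out=$(aws securityhub describe-hub --region "$1" \
                 --query HubArn --output text 2>&1); then
        echo "ENABLED"
    else
        case "$out" in
            *InvalidAccessException*) echo "DISABLED" ;;
            *) echo "ERROR" ;;   # e.g. missing IAM permission, bad Region name
        esac
    fi
}

# Print "<region> <status>" per Region; return 1 if any Region is not ENABLED.
audit_regions() {
    rc=0
    for r in "$@"; do
        s=$(hub_status "$r")
        printf '%s %s\n' "$r" "$s"
        [ "$s" = "ENABLED" ] || rc=1
    done
    return "$rc"
}

# Enable Security Hub with the default standards in each DISABLED Region.
# ERROR Regions are skipped so a permission problem is never mistaken for "off".
enable_missing() {
    for r in "$@"; do
        if [ "$(hub_status "$r")" = "DISABLED" ]; then
            aws securityhub enable-security-hub --enable-default-standards \
                --region "$r" >/dev/null && echo "enabled $r"
        fi
    done
}

# Usage: sh securityhub_check.sh ap-south-1 us-east-1
if [ "$#" -gt 0 ]; then
    audit_regions "$@"
fi
```

The non-zero exit status from audit_regions makes the script usable as a scheduled compliance check that fails when any listed Region lacks Security Hub.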


Backout plan:

  1. Log in to the AWS Management Console

  2. Go to the Security Hub service at https://ap-south-1.console.aws.amazon.com/securityhub

  3. Click on Settings in the left navigation pane

  4. Select the General tab and at the bottom click on Disable AWS Security Hub


Reference:

What is AWS Security Hub? - AWS Security Hub