Security Hub
AWS Security Hub provides a single pane of glass for AWS environment security, collecting security data from AWS accounts and services and third-party partner services.
Concepts
- AWS accounts can either enable Security Hub or be invited to become associated with another account.
- Accounts that accept invitations become member accounts.
- The inviting account becomes the administrator account.
- Delegated administrator accounts can manage services across Organisations.
- The aggregation region is the region from which you review findings.
- The AWS Security Finding Format (ASFF) is the standardised format in which findings are represented.
- Controls are documented safeguards.
- Related requirements are sets of security requirements mapped to a control.
- Findings provide a record of a detection.
- Findings may be archived.
- Ingestion is the process of receiving findings from other AWS services and third-party services.
- Aggregation is the process of collecting and grouping findings so that they can be reviewed in a single region.
- Insights are collections of related findings after applying filters and an aggregation statement.
- Rules are sets of criteria that define whether or not a control is being adhered to. Rules can be in one of three states:
  - Passed indicates the rule is being adhered to.
  - Failed indicates the rule is not being adhered to.
  - Warning indicates that the rule couldn't be evaluated.
- Security checks are point-in-time evaluations of rules against individual resources.
- Security standards are published statements (e.g. CIS AWS Foundations, PCI DSS) that define characteristics of compliance, using controls.
- Workflow statuses track progress toward resolution.
  - NEW is the initial state.
  - NOTIFIED indicates that the owner of the resource was notified to take action on the finding.
  - SUPPRESSED indicates a non-issue that doesn't require action.
  - RESOLVED indicates that the identified problem has been addressed.
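The following Python sketch is an added example, not part of the original notes or of Security Hub itself. It mimics an insight (filters plus a group-by attribute) over constructed ASFF-shaped findings to list the resources with open work; the dotted-path filter syntax and the helper names are assumptions made for illustration, not the Security Hub filter API.

```python
from collections import Counter

def finding(fid, record_state, workflow, compliance, resource_id):
    """Build a constructed finding with only the ASFF fields used below."""
    return {"Id": fid, "RecordState": record_state,
            "Workflow": {"Status": workflow},
            "Compliance": {"Status": compliance},
            "Resources": [{"Id": resource_id}]}

BUCKET = "arn:aws:s3:::example-logs"                      # constructed ARNs
SG = "arn:aws:ec2:us-east-1:111122223333:security-group/sg-0example"
USER = "arn:aws:iam::111122223333:user/example"

FINDINGS = [  # constructed sample data, not real findings
    finding("f-1", "ACTIVE", "NEW", "FAILED", BUCKET),
    finding("f-2", "ACTIVE", "NEW", "FAILED", BUCKET),
    finding("f-3", "ACTIVE", "NOTIFIED", "FAILED", SG),
    finding("f-4", "ACTIVE", "SUPPRESSED", "FAILED", BUCKET),  # non-issue
    finding("f-5", "ARCHIVED", "NEW", "FAILED", SG),           # archived
    finding("f-6", "ACTIVE", "RESOLVED", "PASSED", BUCKET),
    finding("f-7", "ACTIVE", "NEW", "WARNING", USER),          # not evaluated
]

def get_path(item, path):
    """Resolve a dotted path to scalar leaves; lists such as Resources fan out."""
    values = [item]
    for key in path.split("."):
        step = []
        for value in values:
            value = value.get(key) if isinstance(value, dict) else None
            if isinstance(value, list):
                step.extend(value)
            elif value is not None:
                step.append(value)
        values = step
    return values

def insight(findings, filters, group_by):
    """Keep findings matching every filter, then count them per group_by value."""
    counts = Counter()
    for f in findings:
        if all(set(get_path(f, p)) & set(ok) for p, ok in filters.items()):
            counts.update(set(get_path(f, group_by)))
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

# Open work: active, not yet suppressed or resolved, and not passing.
TRIAGE = {"RecordState": ["ACTIVE"],
          "Workflow.Status": ["NEW", "NOTIFIED"],
          "Compliance.Status": ["FAILED", "WARNING"]}
```

Calling `insight(FINDINGS, TRIAGE, "Resources.Id")` ranks resources by the number of open findings; the suppressed, resolved and archived findings drop out before grouping.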
Supported services