Automate anything with AWS Security Hub Integrations

AWS Security Hub Integrations with Mindflow

Automation Use Cases with AWS Security Hub Integration

About AWS Security Hub

AWS Security Hub was integrated by Mindflow to enable users to automate their incident management and better protect their information system.

AWS Security Hub Overview

AWS Security Hub is a cloud security posture management service available as part of the AWS stack. Security Hub enables you to understand your overall security posture via a consolidated security score across all your AWS accounts. It automatically assesses the security of your AWS account resources via frameworks such as the AWS Foundational Security Best Practices standard.

It also aggregates all of your security findings from dozens of AWS security services (GuardDuty, Inspector, Macie, AWS Config) and AWS Partner Network (APN) products in a single place and format via the AWS Security Finding Format. It reduces your Mean Time To Remediation (MTTR) with automated response and remediation support.

Security Hub has out-of-the-box integrations with ticketing, chat, SIEM, SOAR, threat investigation, Governance Risk and Compliance (GRC), and incident management tools to provide a complete security operations workflow.

Benefits

Automated, continuous security best practice checks

AWS Security Hub provides you with a set of automated security controls, the AWS Foundational Security Best Practices standard, that run either continuously, whenever the associated resources change, or on a set periodic schedule. Each control has a specific severity score to help you prioritize your remediation efforts. Security Hub also offers additional standards aligned to industry and regulatory frameworks, such as the PCI DSS and the CIS AWS Foundations Benchmark.

Consolidated findings across AWS services and partner integrations

Security Hub automatically collects and consolidates findings from AWS security services enabled in your environment, such as intrusion detection findings from Amazon GuardDuty, vulnerability scans from Amazon Inspector, Amazon Simple Storage Service (Amazon S3) bucket policy findings from Amazon Macie, publicly accessible and cross-account resources from IAM Access Analyzer, and resources lacking WAF coverage from AWS Firewall Manager. AWS Security Hub consolidates findings from dozens of integrated AWS Partner Network (APN) security solutions.

A single, standardized data format for all of your findings

With the AWS Security Finding Format, all of Security Hub’s integration partners (including both AWS services and external partners) send their findings to Security Hub in a well-typed JSON format consisting of over 1,000 available fields. This means you don’t need to do any parsing and normalization yourself.

Multi-account and AWS Organizations support

Integration with AWS Organizations allows you to automatically enable any account in your organization with Security Hub and the AWS Foundational Security Best Practices standard. From an administrator account, you can enable your security team to see consolidated findings for all accounts, while individual account owners see only findings associated with their acc

Security scores and summary dashboards

AWS Security Hub provides a simple 0-100 security score for each standard, for each account across all enabled standards, and a total score for all accounts associated with your administrator account. This score is based on the number of controls passed vs. failed for a standard, history, and/or organization.

Filtering, grouping, and saved searches for your findings

You can filter findings based on fields in the AWS Security Finding Format and use GroupBy statements to aggregate findings into buckets. For example, you can show only Critical or High severity findings and then group them by resource ID to see which resources have the most critical or high findings.
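The filter-then-group triage described above can be reproduced offline on exported findings. The following Python sketch is an added example, not code from Mindflow or AWS. It uses the real ASFF fields `Severity.Label`, `RecordState`, `Workflow.Status` and `Resources[].Id`; the sample findings are constructed, and skipping archived or suppressed findings is an assumption that goes beyond the severity filter the text mentions.

```python
from collections import Counter, defaultdict

# Constructed sample findings: real ASFF field names, made-up values.
def _f(fid, label, state, status, *resource_ids):
    return {"Id": fid, "Severity": {"Label": label}, "RecordState": state,
            "Workflow": {"Status": status},
            "Resources": [{"Id": rid} for rid in resource_ids]}

BUCKET = "arn:aws:s3:::example-logs"
INSTANCE = "arn:aws:ec2:eu-west-1:111122223333:instance/i-0example"
SECGROUP = "arn:aws:ec2:eu-west-1:111122223333:security-group/sg-0example"

SAMPLE_FINDINGS = [
    _f("f-1", "CRITICAL", "ACTIVE", "NEW", BUCKET),
    _f("f-2", "HIGH", "ACTIVE", "NEW", BUCKET),
    _f("f-3", "HIGH", "ACTIVE", "NOTIFIED", INSTANCE, SECGROUP),  # two resources
    _f("f-4", "MEDIUM", "ACTIVE", "NEW", INSTANCE),               # below threshold
    _f("f-5", "CRITICAL", "ARCHIVED", "RESOLVED", INSTANCE),      # no longer active
    _f("f-6", "HIGH", "ACTIVE", "SUPPRESSED", BUCKET),            # accepted risk
]

ACTIONABLE_LABELS = {"CRITICAL", "HIGH"}

def is_actionable(finding):
    """Critical/High severity, still active, and not suppressed (assumed policy)."""
    return (finding.get("Severity", {}).get("Label") in ACTIONABLE_LABELS
            and finding.get("RecordState") == "ACTIVE"
            and finding.get("Workflow", {}).get("Status") != "SUPPRESSED")

def group_by_resource(findings):
    """Return [(resource_id, {label: count})], worst resource first."""
    buckets = defaultdict(Counter)
    for finding in findings:
        if not is_actionable(finding):
            continue
        # A finding can reference several resources; count it against each.
        for resource in finding.get("Resources", []):
            buckets[resource["Id"]][finding["Severity"]["Label"]] += 1
    return sorted(
        ((rid, dict(counts)) for rid, counts in buckets.items()),
        key=lambda kv: (-kv[1].get("CRITICAL", 0), -kv[1].get("HIGH", 0), kv[0]),
    )

if __name__ == "__main__":
    for resource_id, counts in group_by_resource(SAMPLE_FINDINGS):
        print(resource_id, counts)
```
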