AWS Security Hub was integrated by Mindflow to enable users to automate their incident management and better protect their information system.
AWS Security Hub is a cloud security posture management service available as part of the AWS stack. Security Hub enables you to understand your overall security posture via a consolidated security score across all your AWS accounts. It automatically assesses the security of your AWS accounts' resources against frameworks such as the AWS Foundational Security Best Practices standard.
It also aggregates all of your security findings from dozens of AWS security services (GuardDuty, Inspector, Macie, AWS Config) and AWS Partner Network (APN) products in a single place and format via the AWS Security Finding Format. It reduces your Mean Time To Remediation (MTTR) with automated response and remediation support.
Security Hub has out-of-the-box integrations with ticketing, chat, SIEM, SOAR, threat investigation, Governance, Risk and Compliance (GRC), and incident management tools to provide a complete security operations workflow.
Automated, continuous security best practice checks
AWS Security Hub provides you with a set of automated security controls, the AWS Foundational Security Best Practices standard, that run either continuously, whenever changes are made to the associated resources, or on a set periodic schedule. Each control has a specific severity score to help you prioritize your remediation efforts. Security Hub also offers additional standards aligned to industry and regulatory frameworks, such as the PCI DSS and the CIS AWS Foundations Benchmark.
Consolidated findings across AWS services and partner integrations
Security Hub automatically collects and consolidates findings from AWS security services enabled in your environment, such as intrusion detection findings from Amazon GuardDuty, vulnerability scans from Amazon Inspector, Amazon Simple Storage Service (Amazon S3) bucket policy findings from Amazon Macie, publicly accessible and cross-account resources from IAM Access Analyzer, and resources lacking WAF coverage from AWS Firewall Manager. It also consolidates findings from dozens of integrated AWS Partner Network (APN) security solutions.
A single, standardized data format for all of your findings
With the AWS Security Finding Format, all of Security Hub’s integration partners (including both AWS services and external partners) send their findings to Security Hub in a well-typed JSON format consisting of over 1,000 available fields. This means you don’t need to do any parsing and normalization yourself.
Multi-account and AWS Organizations support
Integration with AWS Organizations allows you to automatically enable any account in your organization with Security Hub and the AWS Foundational Security Best Practices standard. From an administrator account, you can enable your security team to see consolidated findings for all accounts, while individual account owners see only findings associated with their acc
Security scores and summary dashboards
AWS Security Hub provides a simple 0-100 security score for each standard, for each account across all enabled standards, and a total score for all accounts associated with your administrator account. This score is based on the number of controls passed vs. failed for a standard, history, and/or organization.
Filtering, grouping, and saved searches for your findings
You can filter findings based on fields in the AWS Security Finding Format and use GroupBy statements to aggregate findings into buckets. You can decide to show only Critical or High severity findings and then group them by resource IDs to see which resources have the most critical or high findings.
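The filter-then-group workflow described above, as an added example that is not Mindflow's or AWS's own code: it runs offline over constructed findings that carry the ASFF fields `Severity.Label`, `Severity.Normalized` and `Resources[].Id`. The function names, finding IDs and ARNs are assumptions; the filter dictionary follows the shape the Security Hub GetFindings `Filters` parameter takes.

```python
from collections import Counter

# Constructed findings, trimmed to the ASFF fields this example reads.
BUCKET = "arn:aws:s3:::example-logs"                                 # placeholder ARN
INSTANCE = "arn:aws:ec2:us-east-1:111122223333:instance/i-0example"  # placeholder ARN
ROLE = "arn:aws:iam::111122223333:role/example-role"                 # placeholder ARN
SAMPLE_FINDINGS = [
    {"Id": "f-1", "Severity": {"Label": "CRITICAL"}, "Resources": [{"Id": BUCKET}]},
    {"Id": "f-2", "Severity": {"Label": "HIGH"}, "Resources": [{"Id": BUCKET}, {"Id": INSTANCE}]},
    {"Id": "f-3", "Severity": {"Label": "MEDIUM"}, "Resources": [{"Id": INSTANCE}]},
    {"Id": "f-4", "Severity": {"Normalized": 75}, "Resources": [{"Id": INSTANCE}]},  # no Label
    {"Id": "f-5", "Severity": {"Label": "LOW"}, "Resources": [{"Id": ROLE}]},
    {"Id": "f-6", "Severity": {"Label": "CRITICAL"}, "Resources": [{"Id": BUCKET}]},
]

def severity_filter(labels=("CRITICAL", "HIGH")):
    """Severity criterion in the shape the GetFindings Filters parameter takes."""
    return {"SeverityLabel": [{"Value": v, "Comparison": "EQUALS"} for v in labels]}

def label_of(finding):
    """Return Severity.Label, deriving it from Severity.Normalized when absent."""
    sev = finding.get("Severity", {})
    if "Label" in sev:
        return sev["Label"]
    n = sev.get("Normalized")
    if n is None:
        return None
    # ASFF mapping: 0 INFORMATIONAL, 1-39 LOW, 40-69 MEDIUM, 70-89 HIGH, 90-100 CRITICAL
    for floor, label in ((90, "CRITICAL"), (70, "HIGH"), (40, "MEDIUM"), (1, "LOW")):
        if n >= floor:
            return label
    return "INFORMATIONAL"

def group_by_resource(findings, filters):
    """Count matching findings per resource ID, most affected resource first."""
    wanted = {c["Value"] for c in filters["SeverityLabel"] if c["Comparison"] == "EQUALS"}
    counts = Counter()
    for finding in findings:
        if label_of(finding) not in wanted:
            continue
        # One finding may list several resources; count it once for each.
        for rid in {r["Id"] for r in finding.get("Resources", [])}:
            counts[rid] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for rid, n in group_by_resource(SAMPLE_FINDINGS, severity_filter()):
        print(f"{n:3d}  {rid}")
```

Finding f-4 has no `Severity.Label`, so it is only counted because its normalized score of 75 maps to HIGH; a filter that checks the label alone would miss it.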