© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Hands-on with AWS Security Hub
Agenda
Security Hub Overview
Inbound Integrations
Outbound Integrations – Taking action
Workshop details
Security and Compliance Challenges
Backlog of Compliance requirements
Complexity
Signal to Noise Ratio
Lack of an Integrated View
Security Hub overview
Partner integrations
Firewalls
Vulnerability
SOAR
SIEM
Endpoint
Compliance
MSSP
Other
Partner integrations – into Security Hub
AWS Security Hub Customer Account
Partner Account
You can create your own findings
AWS Security Hub
Setup and multi-account
Security and Compliance checks
Findings
Insights
AWS Security Hub Information Flows
[Diagram labels: Findings; Security Checks; Investigations; Remediation Actions; Taking Action Partners; "And more to come…"; "Plus dozens of others…"; "Plus many others…"]
Taking action with Security Hub
AWS Security Hub Amazon CloudWatch Events
Taking action on all findings
Event pattern examples
{
  "source": ["aws.securityhub"],
  "detail-type": ["Security Hub Findings - Imported"],
  "detail": {
    "findings": {
      "Resources": {
        "Tags": {
          "Environment": ["PCI"]
        }
      }
    }
  }
}
Filter by tags
Event pattern examples
{
  "source": ["aws.securityhub"],
  "detail-type": ["Security Hub Findings - Imported"],
  "detail": {
    "findings": {
      "Severity": {
        "Normalized": [
          {"numeric": [">=", 90]}
        ]
      }
    }
  }
}
Filter by severity
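Patterns like the two above can be checked locally against sample events before a rule is deployed. The following is an added example, not code from the original slides or the workshop repository: a simplified Python approximation of event pattern matching, in which the helper names (matches, leaf_matches, sample_event) and the sample event contents are constructed for illustration.

```python
# Added example: simplified local approximation of EventBridge pattern matching.
OPS = {">=": lambda a, b: a >= b, ">": lambda a, b: a > b, "=": lambda a, b: a == b,
       "<=": lambda a, b: a <= b, "<": lambda a, b: a < b}

def leaf_matches(allowed, value):
    """A pattern leaf lists alternatives (OR): literals or {"numeric": [op, n, ...]}."""
    for alt in allowed:
        if isinstance(alt, dict) and "numeric" in alt:
            spec = alt["numeric"]
            is_num = isinstance(value, (int, float)) and not isinstance(value, bool)
            if is_num and all(OPS[spec[i]](value, spec[i + 1]) for i in range(0, len(spec), 2)):
                return True
        elif alt == value:
            return True
    return False

def matches(pattern, event):
    """All pattern keys must match (AND); an array in the event matches if any element does."""
    if isinstance(event, list):
        return any(matches(pattern, item) for item in event)
    if isinstance(pattern, list):
        return leaf_matches(pattern, event)
    if not isinstance(event, dict):
        return False
    return all(k in event and matches(sub, event[k]) for k, sub in pattern.items())

BASE = {"source": ["aws.securityhub"], "detail-type": ["Security Hub Findings - Imported"]}
TAG_PATTERN = {**BASE, "detail": {"findings": {"Resources": {"Tags": {"Environment": ["PCI"]}}}}}
SEVERITY_PATTERN = {**BASE, "detail": {"findings": {"Severity": {"Normalized": [{"numeric": [">=", 90]}]}}}}

def sample_event(env, severity):
    """Constructed event: one finding on one tagged resource (not real account data)."""
    finding = {"Severity": {"Normalized": severity},
               "Resources": [{"Type": "AwsEc2Instance", "Tags": {"Environment": env}}]}
    return {"source": "aws.securityhub", "detail-type": "Security Hub Findings - Imported",
            "detail": {"findings": [finding]}}

if __name__ == "__main__":
    for env, sev in [("PCI", 40), ("Dev", 95), ("PCI", 90)]:
        ev = sample_event(env, sev)
        print(env, sev, "tags:", matches(TAG_PATTERN, ev), "severity:", matches(SEVERITY_PATTERN, ev))
```

In the event the findings and Resources fields are arrays, while the pattern addresses them as plain objects; the matcher accepts the event if any array element satisfies the pattern.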
Custom actions in Security Hub
Rule
Event
{
  "source": ["aws.securityhub"],
  "detail-type": ["Security Hub Findings - Custom Action"],
  "resources": ["arn:aws:securityhub:us-west-2:xxxxxxxxxxxx:action/custom/send_to_email"]
}
Custom actions in Security Hub
[Diagram labels: Rule and Event (three pairs); Run command]
High level view of the workshop
✓ Tour of Security Hub
✓ Create custom insights and custom findings
✓ Implement custom actions and remediation
✓ Implement finding enrichment and notification
Tour Security Hub
Guide on key features of Security Hub
Create custom insights and custom findings
Identify non-compliant instances via AWS Config Rules, create and visualize findings in Security Hub.
Implement custom actions and remediation
Custom Lambda function to isolate an EC2 instance
Deploy remediation playbooks for CIS Benchmarks
Implement finding enrichment and notification
Post Security Hub findings into a Slack
Custom action to add EC2 Tags to finding notes
Have Fun
Ask Questions
Workshop Guide
https://github.com/aws-samples/aws-security-hub-workshop/blob/master/docs/index.md