< Back

Monitoring: AWS Security Hub

AWS Security Hub is a cloud service that helps you manage and reduce threats to your AWS environments. It provides continuous security monitoring, notification, and automation of security configurations.

Why should you monitor AWS Security Hub findings?

The AWS Security Hub continuously checks the compliance of AWS resources. Also, 3rd parties send their security notifications to the AWS Security Hub. It is crucial to be notified about new Security Hub findings immediately to mitigate risks as quickly as possible.

Monitoring: AWS Security Hub

How does monitoring AWS Security Hub work?

Without further ado, marbot notifies you about Security Hub findings and supports the following security standards.

  • AWS Foundational Security Best Practices
  • CIS AWS Foundations Benchmark
  • CIS AWS Foundations Benchmark
  • PCI DSS v3.2.1

On top of that, marbot also supports findings from 3rd parties—for example, bucketAV (Antivirus protection for Amazon S3).

Here is what an alert informing you about a Security Hub findings looks like in Microsoft Teams.

Security Hub finding in Microsoft Teams

And here is the same alert in Slack.

Security Hub finding in Microsoft Teams

How do you set up monitoring of AWS Security Hub?

marbot works with Slack and Microsoft Teams. Please select your platform and follow the Getting Started guide.

Which events does marbot monitor in detail?

marbot creates EventBridge rules to monitor the following events automatically.

Event Type Description
Security Hub Findings - Imported Get alerted in case of new findings with severity >= 70. The workflow status of those findings is set to NOTIFIED in Security Hub.
Security Hub Insight Results Get alerted in case of new insights.

More help needed? Or want to share feedback?

If you experience any issues, let us know.

E-mail icon
marbot teaser

Chatbot for AWS Monitoring

Configure monitoring for Amazon Web Services: CloudWatch, EC2, RDS, EB, Lambda, and more. Receive and manage alerts via Slack. Solve incidents as a team.

Add to Slack
Microsoft Teams
Add to Teams