Monitoring: AWS Security Hub
AWS Security Hub is a cloud service that helps you manage and reduce threats to your AWS environments. It provides continuous security monitoring, notification, and automation of security configurations.
Why should you monitor AWS Security Hub findings?
The AWS Security Hub continuously checks the compliance of AWS resources. Also, 3rd parties send their security notifications to the AWS Security Hub. It is crucial to be notified about new Security Hub findings immediately to mitigate risks as quickly as possible.
How does monitoring AWS Security Hub work?
Without further ado, marbot notifies you about Security Hub findings and supports the following security standards.
- AWS Foundational Security Best Practices
- CIS AWS Foundations Benchmark
- PCI DSS v3.2.1
On top of that, marbot also supports findings from 3rd parties—for example, bucketAV (Antivirus protection for Amazon S3).
Here is what an alert informing you about a Security Hub finding looks like in Microsoft Teams.
And here is the same alert in Slack.
How do you set up monitoring of AWS Security Hub?
marbot works with Slack and Microsoft Teams. Please select your platform and follow the Getting Started guide.
Which events does marbot monitor in detail?
marbot creates EventBridge rules to monitor the following events automatically.
Event Type | Description |
---|---|
Security Hub Findings - Imported | Get alerted in case of new findings with severity >= 70. The workflow status of those findings is set to NOTIFIED in Security Hub. |
Security Hub Insight Results | Get alerted in case of new insights. |
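The "Security Hub Findings - Imported" row above, sketched as an added example (not marbot's own code): an EventBridge event pattern for the threshold plus the per-finding filter and the update that sets the workflow status to NOTIFIED. It assumes "severity" means the ASFF field `Severity.Normalized` and that only findings still in workflow status NEW should alert; the function names and the sample event are constructed for illustration.

```python
SEVERITY_THRESHOLD = 70  # threshold stated in the table above

# Event pattern for the rule. Assumption: severity is matched on Severity.Normalized.
EVENT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {"Severity": {"Normalized": [
        {"numeric": [">=", SEVERITY_THRESHOLD]}]}}},
}

def findings_to_notify(event):
    """Return the findings in one event that should raise an alert."""
    if event.get("source") != "aws.securityhub":
        return []
    if event.get("detail-type") != "Security Hub Findings - Imported":
        return []
    selected = []
    # One event can carry several findings, so filter each one individually.
    for finding in event.get("detail", {}).get("findings", []):
        severity = finding.get("Severity", {}).get("Normalized", 0)
        status = finding.get("Workflow", {}).get("Status", "NEW")
        # Assumption: skip findings already NOTIFIED, SUPPRESSED or RESOLVED,
        # so that later updates to the same finding do not alert again.
        if severity >= SEVERITY_THRESHOLD and status == "NEW":
            selected.append(finding)
    return selected

def notified_update_request(findings):
    """Build BatchUpdateFindings parameters that mark the findings NOTIFIED."""
    return {
        "FindingIdentifiers": [
            {"Id": f["Id"], "ProductArn": f["ProductArn"]} for f in findings],
        "Workflow": {"Status": "NOTIFIED"},
    }

# Constructed sample event (placeholder ids and account), not real output.
PRODUCT_ARN = "arn:aws:securityhub:eu-west-1::product/aws/securityhub"
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        {"Id": "finding-high", "ProductArn": PRODUCT_ARN,
         "Severity": {"Normalized": 90}, "Workflow": {"Status": "NEW"}},
        {"Id": "finding-low", "ProductArn": PRODUCT_ARN,
         "Severity": {"Normalized": 40}, "Workflow": {"Status": "NEW"}},
        {"Id": "finding-seen", "ProductArn": PRODUCT_ARN,
         "Severity": {"Normalized": 70}, "Workflow": {"Status": "NOTIFIED"}},
    ]},
}
```

The dictionary returned by `notified_update_request` can be passed as keyword arguments to the boto3 Security Hub client's `batch_update_findings` call.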