Check for AWS Security Hub findings in order to identify, analyze and take all the necessary actions to resolve the highest priority security issues within your AWS cloud environment. A Security Hub finding is a potential security risk such as a wide open port like TCP port 22 (SSH) or an AWS root user that is not configured to use Multi-Factor Authentication (MFA) during login. Amazon Security Hub collects, organizes and prioritizes security findings from supported AWS and third-party services, as well as generating its own findings as the result of running continuous configuration checks against the conformity rules supported by the industry-accepted best practices such as CIS AWS Foundations Benchmark – a set of security configuration best practices for Amazon Web Services. The Security Hub service aggregates findings from native AWS services enabled in your account(s), such as vulnerability scans from AWS Inspector service, intrusion detection findings from AWS GuardDuty and sensitive data identification findings from AWS Macie. In addition, to eliminate the need for time-consuming data conversion processes, Amazon Security Hub consumes your security findings using a standard findings format called AWS Finding Format, then correlates the findings across providers to prioritize the most important ones. In the end your security findings can be sent to a ticketing system like Atlassian Jira, to an email address or to an auto-remediation function provided by Cloud Conformity platform.
Amazon Security Hub brings together your findings to show you the current security and compliance status of your AWS cloud environment in one place. With AWS Security Hub findings you can greatly reduce the effort of collecting and prioritizing security findings across AWS accounts, from native AWS services (i.e. Amazon GuardDuty, Inspector and Macie) and third-party provider tools, and reduce the time needed for remediation tasks.
Note 1: AWS Security Hub can detect only the security findings that were generated after the service was enabled in your AWS account(s).
Note 2: As example, this conformity rule demonstrates how to analyze and solve a Security Hub findings detected by Amazon Inspector after evaluating an EC2 security group that has TCP port 21 (FTP), wide open (0.0.0.0/0) and reachable from the Internet.
To check for Amazon Security Hub findings within your AWS account(s), perform the following:
To solve the security issue associated with your Amazon Security Hub finding as described by the remediation recommendation provided by the finding (in this case updating an EC2 security group to remove inbound access on TCP port 21), perform the following: