AWS Security Hub
💡 Definition
AWS Security Hub provides a comprehensive view of your security alerts and security posture across your AWS accounts. It collects security data from across AWS services, and optionally from AWS Partner Network (APN) solutions, and helps you analyze your security trends and identify the highest priority security issues.
🔑 Key Concepts
- Centralized Security View: Aggregates, organizes, and prioritizes security alerts (findings) from multiple AWS services (like Amazon Inspector, Amazon GuardDuty, AWS Config, Amazon Macie) and integrated third-party products.
- Automated Security Checks: Continuously monitors your AWS environment using automated security checks based on AWS best practices and industry standards (e.g., CIS AWS Foundations Benchmark, PCI DSS).
- Severity Scoring: Prioritizes findings using a normalized severity score to help identify the most critical issues.
- Integration: Integrates with services like Amazon CloudWatch Events (now EventBridge) for automated remediation actions.
⚙️ How it Works
Security Hub acts as a central dashboard. When enabled, it automatically ingests findings from integrated AWS services and partner solutions. It then runs its own automated checks against security best practices and compliance standards, generating additional findings. All findings are normalized to a standard format (the AWS Security Finding Format, ASFF), so findings from different products carry the same fields and severity scale, and are presented in a dashboard for review and action.
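As an added Python example (not part of the original page), the following triages a few constructed findings already normalized to ASFF, showing why a common severity scale lets findings from different products be ranked together and how a remediation filter like an EventBridge rule would select from them. It assumes the real ASFF field names `Severity.Normalized`, `Severity.Label`, `RecordState`, `Workflow.Status` and `Compliance.Status`; the finding contents themselves are made up.

```python
# Added example (not from the original page): triaging constructed findings in
# the AWS Security Finding Format (ASFF). Field names are real ASFF fields;
# the finding contents below are constructed for illustration.
SEVERITY_ORDER = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample findings, already normalized to ASFF as Security Hub would
# present findings from GuardDuty, Inspector and its own standards checks.
FINDINGS = [
    {"Id": "gd-1", "ProductName": "GuardDuty", "Title": "Unusual console login",
     "Severity": {"Label": "HIGH", "Normalized": 70},
     "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"}},
    {"Id": "insp-1", "ProductName": "Inspector", "Title": "Unpatched package",
     "Severity": {"Label": "MEDIUM", "Normalized": 40},
     "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"}},
    {"Id": "cis-1", "ProductName": "Security Hub", "Title": "CloudTrail not enabled",
     "Severity": {"Label": "CRITICAL", "Normalized": 90},
     "Compliance": {"Status": "FAILED"},
     "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"}},
    {"Id": "gd-2", "ProductName": "GuardDuty", "Title": "Port probe (resolved)",
     "Severity": {"Label": "HIGH", "Normalized": 70},
     "RecordState": "ARCHIVED", "Workflow": {"Status": "RESOLVED"}},
]

def is_open(finding):
    """A finding still needs attention if its record is ACTIVE and its workflow
    status is NEW or NOTIFIED; SUPPRESSED and RESOLVED findings drop out."""
    return (finding["RecordState"] == "ACTIVE"
            and finding["Workflow"]["Status"] in ("NEW", "NOTIFIED"))

def prioritize(findings):
    """Order open findings by ASFF normalized severity (0-100, highest first).
    Every product's severity is mapped to this one scale, so a GuardDuty threat
    and a failed CIS check can be ranked against each other directly."""
    return sorted((f for f in findings if is_open(f)),
                  key=lambda f: (-f["Severity"]["Normalized"], f["Id"]))

def needs_remediation(finding, min_label="HIGH"):
    """Mirror the filter an EventBridge rule on 'Security Hub Findings - Imported'
    events would apply before invoking an automated remediation target: open,
    at least min_label severity, and not a standards check that PASSED."""
    severe = (SEVERITY_ORDER.index(finding["Severity"]["Label"])
              >= SEVERITY_ORDER.index(min_label))
    status = finding.get("Compliance", {}).get("Status")
    return is_open(finding) and severe and status in (None, "FAILED")

def remediation_queue(findings):
    """Ids of findings the automation should act on, highest severity first."""
    return [f["Id"] for f in prioritize(findings) if needs_remediation(f)]
```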
🎯 Use Cases
- Consolidated Security Posture: Gaining a single pane of glass for security across multiple accounts and services.
- Automated Compliance Auditing: Continuously checking for compliance with various security standards.
- Prioritizing Remediation: Focusing security teams on the most critical threats and misconfigurations.
💰 Pricing Model
- Findings Ingestion: Charged based on the number of security findings ingested and analyzed per month.
📝 Exam Tips (CLF-C02)
- Keywords: "Centralized security alerts", "Security posture", "Automated security checks", "Compliance standards".
- Think of it as the "single pane of glass" for security within AWS.
- Aggregates findings from various security services.
See Also:
- Amazon Inspector
- AWS Config
- EventBridge
- Shared Responsibility Model