AWS securityhub documentation change
Summary
Updated documentation to reflect rebranding from 'Security Hub' to 'Security Hub CSPM' (Cloud Security Posture Management) across multiple sections, including console references, finding archival reasons, remediation guidance, and control management processes.
Security assessment
Changes primarily involve branding updates and clarifications about CSPM features rather than addressing vulnerabilities. The consolidation features (reducing finding noise through unified controls) are security-related improvements but do not indicate remediation of a specific security flaw. No evidence of patching vulnerabilities or incident response in the diff.
Diff
diff --git a/securityhub/latest/userguide/asff-changes-consolidation.md b/securityhub/latest/userguide/asff-changes-consolidation.md index bae47cf2f..30b14b54d 100644 --- a//securityhub/latest/userguide/asff-changes-consolidation.md +++ b//securityhub/latest/userguide/asff-changes-consolidation.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html) +[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html) @@ -9 +9 @@ Consolidated controls view – ASFF changesConsolidated control findings – ASF -Security Hub offers two types of consolidation: +AWS Security Hub Cloud Security Posture Management (CSPM) offers two types of consolidation: @@ -11 +11 @@ Security Hub offers two types of consolidation: - * **Consolidated controls view (always on; can't be turned off)** – Each control has a single identifier across standards. The **Controls** page of the Security Hub console displays all your controls across standards. + * **Consolidated controls view (always on; can't be turned off)** – Each control has a single identifier across standards. The **Controls** page of the Security Hub CSPM console displays all your controls across standards. @@ -13 +13 @@ Security Hub offers two types of consolidation: - * **Consolidated control findings (can be turned on or off)** – When consolidated control findings is turned on, Security Hub produces a single finding for a security check even when a check is shared across multiple standards. This is intended to reduce finding noise. Consolidated control findings is turned _on_ for you by default if you enabled Security Hub on or after February 23, 2023. Otherwise, it's turned off by default. However, consolidated control findings is turned on in Security Hub member accounts only if it's turned on in the administrator account. If the feature is turned off in the administrator account, it's turned off in member accounts. For instructions on turning on this feature, see [Consolidated control findings](./controls-findings-create-update.html#consolidated-control-findings). + * **Consolidated control findings (can be turned on or off)** – When consolidated control findings is turned on, Security Hub CSPM produces a single finding for a security check even when a check is shared across multiple standards. This is intended to reduce finding noise. Consolidated control findings is turned _on_ for you by default if you enabled Security Hub CSPM on or after February 23, 2023. Otherwise, it's turned off by default. However, consolidated control findings is turned on in Security Hub CSPM member accounts only if it's turned on in the administrator account. If the feature is turned off in the administrator account, it's turned off in member accounts. For instructions on turning on this feature, see [Consolidated control findings](./controls-findings-create-update.html#consolidated-control-findings). @@ -32,2 +32,2 @@ Compliance.AssociatedStandards | Not applicable (new field) | [{"StandardsId": -ProductFields.ArchivalReasons:0/Description | Not applicable (new field) | "The finding is in an ARCHIVED state because consolidated control findings has been turned on or off. This causes findings in the previous state to be archived when new findings are being generated." Describes why Security Hub has archived existing findings. -ProductFields.ArchivalReasons:0/ReasonCode | Not applicable (new field) | "CONSOLIDATED_CONTROL_FINDINGS_UPDATE" Provides the reason why Security Hub has archived existing findings. +ProductFields.ArchivalReasons:0/Description | Not applicable (new field) | "The finding is in an ARCHIVED state because consolidated control findings has been turned on or off. This causes findings in the previous state to be archived when new findings are being generated." Describes why Security Hub CSPM has archived existing findings. +ProductFields.ArchivalReasons:0/ReasonCode | Not applicable (new field) | "CONSOLIDATED_CONTROL_FINDINGS_UPDATE" Provides the reason why Security Hub CSPM has archived existing findings. @@ -35 +35 @@ ProductFields.RecommendationUrl | https://docs.aws.amazon.com/console/securityh -Remediation.Recommendation.Text | "For directions on how to fix this issue, consult the AWS Security Hub PCI DSS documentation." | "For directions on how to correct this issue, consult the AWS Security Hub controls documentation." This field no longer references a standard. +Remediation.Recommendation.Text | "For directions on how to fix this issue, consult the AWS Security Hub Cloud Security Posture Management (CSPM) PCI DSS documentation." | "For directions on how to correct this issue, consult the AWS Security Hub Cloud Security Posture Management (CSPM) controls documentation." This field no longer references a standard. @@ -58 +58 @@ Description | This PCI DSS control checks whether AWS Config is enabled in the -Severity | "Severity": { "Product": 90, "Label": "CRITICAL", "Normalized": 90, "Original": "CRITICAL" } | "Severity": { "Label": "CRITICAL", "Normalized": 90, "Original": "CRITICAL" } Security Hub no longer uses the Product field to describe the severity of a finding. +Severity | "Severity": { "Product": 90, "Label": "CRITICAL", "Normalized": 90, "Original": "CRITICAL" } | "Severity": { "Label": "CRITICAL", "Normalized": 90, "Original": "CRITICAL" } Security Hub CSPM no longer uses the Product field to describe the severity of a finding. @@ -65 +65 @@ ProductFields.StandardsArn | arn:aws:securityhub:::standards/aws-foundational- -ProductFields.StandardsControlArn | arn:aws:securityhub:us-east-1:123456789012:control/aws-foundational-security-best-practices/v/1.0.0/Config.1 | Removed. Security Hub generates one finding for a security check across standards. +ProductFields.StandardsControlArn | arn:aws:securityhub:us-east-1:123456789012:control/aws-foundational-security-best-practices/v/1.0.0/Config.1 | Removed. Security Hub CSPM generates one finding for a security check across standards. @@ -67,2 +67,2 @@ ProductFields.StandardsGuideArn | arn:aws:securityhub:::ruleset/cis-aws-founda -ProductFields.StandardsGuideSubscriptionArn | arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0 | Removed. Security Hub generates one finding for a security check across standards. -ProductFields.StandardsSubscriptionArn | arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0 | Removed. Security Hub generates one finding for a security check across standards. +ProductFields.StandardsGuideSubscriptionArn | arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0 | Removed. Security Hub CSPM generates one finding for a security check across standards. +ProductFields.StandardsSubscriptionArn | arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0 | Removed. Security Hub CSPM generates one finding for a security check across standards. @@ -73 +73 @@ ProductFields.aws/securityhub/FindingId | arn:aws:securityhub:us-east-1::produ -If you turn on [consolidated control findings](./controls-findings-create-update.html#consolidated-control-findings), Security Hub generates one finding across standards and archives the original findings (separate findings for each standard). To view archived findings, you can visit the **Findings** page of the Security Hub console with the **Record state** filter set to **ARCHIVED** , or use the [`GetFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) API action. Updates you’ve made to the original findings in the Security Hub console or using the [BatchUpdateFindings](https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html) API won't be preserved in the new findings (if needed, you can recover this data by referring to the archived findings). +If you turn on [consolidated control findings](./controls-findings-create-update.html#consolidated-control-findings), Security Hub CSPM generates one finding across standards and archives the original findings (separate findings for each standard). To view archived findings, you can visit the **Findings** page of the Security Hub CSPM console with the **Record state** filter set to **ARCHIVED** , or use the [`GetFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) API action. Updates you’ve made to the original findings in the Security Hub CSPM console or using the [BatchUpdateFindings](https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html) API won't be preserved in the new findings (if needed, you can recover this data by referring to the archived findings). @@ -89 +89 @@ Workflow | New failed findings have a default value of `NEW`. New passed findi -Here's a list of generator ID changes for controls when you turn on consolidated control findings. These apply to controls that Security Hub supported as of February 15, 2023. +Here's a list of generator ID changes for controls when you turn on consolidated control findings. These apply to controls that Security Hub CSPM supported as of February 15, 2023. @@ -568 +568 @@ Consolidated controls view and consolidated control findings standardize control -The Security Hub console displays standard-agnostic security control IDs and security control titles, regardless of whether consolidated control findings is turned on or off in your account. However, Security Hub findings contain standard-specific control titles (for PCI and CIS v1.2.0) if consolidated control findings is turned off in your account. In addition, Security Hub findings contain the standard-specific control ID and the security control ID. For more information about how consolidation impacts control findings, see [Samples of control findings in Security Hub](./sample-control-findings.html). +The Security Hub CSPM console displays standard-agnostic security control IDs and security control titles, regardless of whether consolidated control findings is turned on or off in your account. However, Security Hub CSPM findings contain standard-specific control titles (for PCI and CIS v1.2.0) if consolidated control findings is turned off in your account. In addition, Security Hub CSPM findings contain the standard-specific control ID and the security control ID. For more information about how consolidation impacts control findings, see [Samples of control findings](./sample-control-findings.html). @@ -572 +572 @@ For controls that are part of [Service-Managed Standard: AWS Control Tower](./se -To disable a security control in Security Hub, you must disable all standard controls that correspond to the security control. The following table shows the mapping of security control IDs and titles to standard-specific control IDs and titles. IDs and titles for controls that belong to the AWS Foundational Security Best Practices v1.0.0 (FSBP) standard are already standard-agnostic. For a mapping of controls to the requirements of Center for Internet Security (CIS) v3.0.0, see [Mapping of controls to CIS requirements in each version](./cis-aws-foundations-benchmark.html#cis-version-comparison). +To disable a security control in Security Hub CSPM, you must disable all standard controls that correspond to the security control. The following table shows the mapping of security control IDs and titles to standard-specific control IDs and titles. IDs and titles for controls that belong to the AWS Foundational Security Best Practices (FSBP) standard are already standard-agnostic. For a mapping of controls to the requirements of Center for Internet Security (CIS) v3.0.0, see [Mapping of controls to CIS requirements in each version](./cis-aws-foundations-benchmark.html#cis-version-comparison). @@ -716 +716 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Finding format +Finding format: ASFF