AWS securityhub documentation change
Summary
Updated documentation to reflect rebranding from 'Security Hub' to 'Security Hub CSPM' (Cloud Security Posture Management) throughout the document, including updated links and terminology
Security assessment
The changes primarily involve branding updates and terminology clarification (adding CSPM references) rather than addressing security vulnerabilities or introducing new security features. No security patches, vulnerability disclosures, or new security capabilities are mentioned in the diff.
Diff
diff --git a/securityhub/latest/userguide/custom-control-parameters.md b/securityhub/latest/userguide/custom-control-parameters.md index 3300b1ca2..ade4e8792 100644 --- a//securityhub/latest/userguide/custom-control-parameters.md +++ b//securityhub/latest/userguide/custom-control-parameters.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html) +[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html) @@ -7 +7 @@ Effect of modifying control parameter valuesControls that support custom paramet -# Understanding control parameters in Security Hub +# Understanding control parameters in Security Hub CSPM @@ -9 +9 @@ Effect of modifying control parameter valuesControls that support custom paramet -Some controls in AWS Security Hub use parameters that affect how the control is evaluated. Typically, such controls are evaluated against the default parameter values that Security Hub defines. However, for a subset of these controls, you can modify the parameter values. When you modify a control parameter value, Security Hub starts evaluating the control against the value that you specify. If the resource underlying the control satisfies the custom value, Security Hub generates a `PASSED` finding. If the resource doesn't satisfy the custom value, Security Hub generates a `FAILED` finding. +Some controls in AWS Security Hub Cloud Security Posture Management (CSPM) use parameters that affect how the control is evaluated. Typically, such controls are evaluated against the default parameter values that Security Hub CSPM defines. However, for a subset of these controls, you can modify the parameter values. When you modify a control parameter value, Security Hub CSPM starts evaluating the control against the value that you specify. If the resource underlying the control satisfies the custom value, Security Hub CSPM generates a `PASSED` finding. If the resource doesn't satisfy the custom value, Security Hub CSPM generates a `FAILED` finding. @@ -11 +11 @@ Some controls in AWS Security Hub use parameters that affect how the control is -By customizing control parameters, you can refine the security best practices recommended and monitored by Security Hub to align with your business requirements and security expectations. Instead of suppressing findings for a control, you can customize one or more of its parameters to get findings that suit your security needs. +By customizing control parameters, you can refine the security best practices recommended and monitored by Security Hub CSPM to align with your business requirements and security expectations. Instead of suppressing findings for a control, you can customize one or more of its parameters to get findings that suit your security needs. @@ -38 +38 @@ This section covers things to consider when you modify control parameters. -When you change a parameter value, you also trigger a new security check that evaluates the control based on the new value. Security Hub then generates new control findings based on the new value. During periodic updates to control findings, Security Hub also uses the new parameter value. If you change parameter values for a control, but haven't enabled any standards that include the control, Security Hub doesn't conduct any security checks using the new values. You have to enable at least one relevant standard for Security Hub to evaluate the control based on the new parameter value. +When you change a parameter value, you also trigger a new security check that evaluates the control based on the new value. Security Hub CSPM then generates new control findings based on the new value. During periodic updates to control findings, Security Hub CSPM also uses the new parameter value. If you change parameter values for a control, but haven't enabled any standards that include the control, Security Hub CSPM doesn't conduct any security checks using the new values. You have to enable at least one relevant standard for Security Hub CSPM to evaluate the control based on the new parameter value. @@ -61 +61 @@ A control can have one or more customizable parameters. Possible data types for -Custom parameter values apply across your enabled standards. You can't customize the parameters for a control that's not supported in your current Region. For a list of Regional limits for individual controls, see [Regional limits on Security Hub controls](./regions-controls.html). +Custom parameter values apply across your enabled standards. You can't customize the parameters for a control that's not supported in your current Region. For a list of Regional limits for individual controls, see [Regional limits on Security Hub CSPM controls](./regions-controls.html). @@ -63 +63 @@ Custom parameter values apply across your enabled standards. You can't customize -For some controls, acceptable parameter values must fall into a specified range to be valid. In these cases, Security Hub provides the acceptable range. +For some controls, acceptable parameter values must fall into a specified range to be valid. In these cases, Security Hub CSPM provides the acceptable range. @@ -65 +65 @@ For some controls, acceptable parameter values must fall into a specified range -Security Hub chooses default parameter values and might occasionally update them. After you customize a control parameter, its value continues to be the value that you specified for the parameter unless your change it. That is to say, the parameter stops tracking updates to the default Security Hub value, even if the custom value of the parameter matches the current, default value defined by Security Hub. Here's an example for the control **[ACM.1] – Imported and ACM-issued certificates should be renewed after a specified time period** : +Security Hub CSPM chooses default parameter values and might occasionally update them. After you customize a control parameter, its value continues to be the value that you specified for the parameter unless your change it. That is to say, the parameter stops tracking updates to the default Security Hub CSPM value, even if the custom value of the parameter matches the current, default value defined by Security Hub CSPM. Here's an example for the control **[ACM.1] – Imported and ACM-issued certificates should be renewed after a specified time period** : @@ -80 +80 @@ Security Hub chooses default parameter values and might occasionally update them -In the preceding example, the `daysToExpiration` parameter has a custom value of `30`. The current default value for this parameter is also `30`. If Security Hub changes the default value to `14`, the parameter in this example won't track that change. It will retain a value of `30`. +In the preceding example, the `daysToExpiration` parameter has a custom value of `30`. The current default value for this parameter is also `30`. If Security Hub CSPM changes the default value to `14`, the parameter in this example won't track that change. It will retain a value of `30`. @@ -82 +82 @@ In the preceding example, the `daysToExpiration` parameter has a custom value of -If you want to track updates to the default Security Hub value for a parameter, set the `ValueType` field to `DEFAULT` instead of `CUSTOM`. For more information, see [Reverting to default control parameters in a single account and Region](./revert-default-parameter-values.html#revert-default-parameter-values-local-config). +If you want to track updates to the default Security Hub CSPM value for a parameter, set the `ValueType` field to `DEFAULT` instead of `CUSTOM`. For more information, see [Reverting to default control parameters in a single account and Region](./revert-default-parameter-values.html#revert-default-parameter-values-local-config). @@ -86 +86 @@ If you want to track updates to the default Security Hub value for a parameter, -For a list of security controls that support custom parameters, see the **Controls** page of the Security Hub console or the [Security Hub controls reference](./securityhub-controls-reference.html). To retrieve this list programmatically, you can use the [ListSecurityControlDefinitions](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListSecurityControlDefinitions.html) operation. In the response, the `CustomizableProperties` object indicates which controls support customizable parameters. +For a list of security controls that support custom parameters, see the **Controls** page of the Security Hub CSPM console or the [Control reference for Security Hub CSPM](./securityhub-controls-reference.html). To retrieve this list programmatically, you can use the [ListSecurityControlDefinitions](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListSecurityControlDefinitions.html) operation. In the response, the `CustomizableProperties` object indicates which controls support customizable parameters.