AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-06-19 · Documentation low

File: securityhub/latest/userguide/dashboard.md

Summary

Updated documentation to reflect Security Hub CSPM branding, added new risk/threat summary widgets, clarified dashboard functionality, and expanded security coverage details

Security assessment

Changes focus on documenting new CSPM-related security features like risk/threat summary widgets, attack sequence monitoring via GuardDuty integration, and security coverage controls. While these enhance security visibility, there's no evidence of addressing a specific vulnerability or incident.

Diff

diff --git a/securityhub/latest/userguide/dashboard.md b/securityhub/latest/userguide/dashboard.md
index b2cde9677..d60b6fdb2 100644
--- a//securityhub/latest/userguide/dashboard.md
+++ b//securityhub/latest/userguide/dashboard.md
@@ -3 +3 @@
-[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html)
+[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html)
@@ -5 +5 @@
-Available widgets for the Summary dashboard
+The risk summary widget  The threat summary widget  The security coverage widget Available widgets for the Summary dashboard
@@ -7 +7 @@ Available widgets for the Summary dashboard
-# Working with the Summary dashboard in Security Hub
+#  Working with the dashboard in Security Hub CSPM 
@@ -9 +9 @@ Available widgets for the Summary dashboard
-On the AWS Security Hub console, the dashboard on the **Summary** page can help you identify areas of security concern in your AWS environment, without the need for additional analytics tools or complex queries. You can customize the dashboard layout, add or remove widgets, and filter the data to focus on areas of particular interest. You can also save your filter criteria as a filter set to quickly retrieve specific types of data in the future.
+The **Summary** page in the Security Hub console shows a summary of your risks, attack sequences, and security coverage. This page helps you identify risks and attack sequences based on their severity and the account coverage for different security capabilities. You can customize this page by adding and removing different security widgets and setting a filter criteria to retrieve specific types of data. 
@@ -11 +11 @@ On the AWS Security Hub console, the dashboard on the **Summary** page can help
-If you customize the dashboard or filter the data, Security Hub automatically saves your settings for subsequent use. In addition, the settings are saved independently for each user of your Security Hub account. This means that different users can have different layouts, widgets, and filter sets for the dashboard.
+Customizations to this page are saved for future use. If users in your account customize this page, their customization preferences are saved independently from your customization preferences. 
@@ -13 +13 @@ If you customize the dashboard or filter the data, Security Hub automatically sa
-Each time you open the **Summary** dashboard, Security Hub automatically refreshes most dashboard data. However, some of the data is updated less frequently. For example, security scores and control statuses are updated every 24 hours.
+If your account is the delegated administrator account for an organization, the data includes findings for your account and member accounts. If you your account is a member account or a standalone account, the data only includes findings for your account. 
@@ -15 +15,15 @@ Each time you open the **Summary** dashboard, Security Hub automatically refresh
-If you configured a cross-Region aggregation Region for Security Hub, your dashboard data includes findings from the aggregation Region and all linked Regions. If you're the delegated Security Hub administrator for an organization, the data includes findings for your administrator account and your member accounts. You can optionally filter the data by account. If you have a member account or a standalone account, the data includes findings only for your account.
+If you configure cross-Region aggregation in Security Hub CSPM, this page shows findings from your aggregation 
+
+###### Note
+
+Every time you open this page, it automatically refreshes. However, security scores and control statuses refresh every 24 hours. 
+
+##  The risk summary widget 
+
+This widget shows all of your risks based on severity. Risks with greater severity appear first. Risks are based on an analysis of findings and traits from Security Hub CSPM and other AWS services. 
+
+##  The threat summary widget 
+
+This widget shows all of your attack sequences based on severity. Attack sequences with greater severity appear first. Attack sequences are related to a series of events and identify potential threats in your environment. They also originate in GuardDuty. 
+
+##  The security coverage widget 
@@ -26,0 +41,20 @@ By default, the **Summary** dashboard includes the following widgets:
+**Top threat sequences**
+    
+
+Displays the highest severity threat sequences. Threat sequence findings, known as _attack sequence findings_ in Amazon GuardDuty, correlate multiple events to identify potential threats to your AWS environment. Threat sequences may include in-progress or recent attack behaviors (within a 24-hour time window) in your environment, which may in turn lead to further compromise. You must have GuardDuty and GuardDuty S3 Protection enabled to receive threat sequence findings in Security Hub CSPM.
+
+**Top risks**
+    
+
+Displays a summary of the top risks in your environment. The top of the widget shows you the count of risks at each severity level. You can choose a severity level to go to the **Risks** page with risks filtered to the selected severity level. Risks that have the most occurrences in your environment appear first. This widget helps you prioritize which risks to mitigate.
+
+**Security coverage**
+    
+
+Summarizes the extent of your security coverage, based on coverage control findings. Coverage controls check whether a specific AWS service and its capabilities are enabled (for example, [[Macie.1] Amazon Macie should be enabled](./macie-controls.html#macie-1)). This widget helps you ensure that you have `PASSED` findings for coverage controls. The Security Hub CSPM console provides links from this widget to help you enable missing security capabilities. We recommend using central configuration to enable missing security capabilities across multiple AWS accounts and AWS Regions. For more information, see [Understanding central configuration in Security Hub CSPM](./central-configuration-intro.html).
+
+**Security standards**
+    
+
+Displays your most recent summary security score and the security score for each Security Hub CSPM standard. Security scores, which range from 0–100 percent, represent the proportion of passed controls relative to all of your enabled controls. For more information about these scores, see [Method of calculating security scores](./standards-security-score.html#standard-security-score-calculation). This widget helps you understand your overall security posture.
+
@@ -30 +64 @@ By default, the **Summary** dashboard includes the following widgets:
-Displays your most recent summary security score and the security score for each Security Hub standard. Security scores, which range from 0–100 percent, represent the proportion of passed controls relative to all of your enabled controls. For more information about these scores, see [Method of calculating security scores](./standards-security-score.html#standard-security-score-calculation). This widget helps you understand your overall security posture.
+Displays your most recent summary security score and the security score for each Security Hub CSPM standard. Security scores, which range from 0–100 percent, represent the proportion of passed controls relative to all of your enabled controls. For more information about these scores, see [Method of calculating security scores](./standards-security-score.html#standard-security-score-calculation). This widget helps you understand your overall security posture.
@@ -35 +69 @@ Displays your most recent summary security score and the security score for each
-Provides an overview of the resources, accounts, and applications that have the most findings. The list is sorted in descending order by the number of findings. In the widget, each tab shows the top six items in that category, grouped by severity and resource type. If you choose a number in the **Total findings** column, Security Hub opens a page that shows the findings for the asset. This widget helps you quickly identify which of your core assets have potential security threats.
+Provides an overview of the resources, accounts, and applications that have the most findings. The list is sorted in descending order by the number of findings. In the widget, each tab shows the top six items in that category, grouped by severity and resource type. If you choose a number in the **Total findings** column, Security Hub CSPM opens a page that shows the findings for the asset. This widget helps you quickly identify which of your core assets have potential security threats.
@@ -40 +74 @@ Provides an overview of the resources, accounts, and applications that have the
-Shows the total number of findings, grouped by severity, in each AWS Region in which Security Hub is enabled. This widget helps you identify security issues that potentially affect particular Regions. If you open the dashboard in your aggregation Region, this widget helps you monitor potential security issues in each linked Region. 
+Shows the total number of findings, grouped by severity, in each AWS Region in which Security Hub CSPM is enabled. This widget helps you identify security issues that potentially affect particular Regions. If you open the dashboard in your aggregation Region, this widget helps you monitor potential security issues in each linked Region. 
@@ -80 +114 @@ Provides a list of the 10 Amazon Machine Images (AMIs) that have generated the m
-Provides a list of the 10 AWS Identity and Access Management (IAM) users that have generated the most findings. This widget helps you perform administrative and billing tasks. It shows you which users contribute to Security Hub usage the most.
+Provides a list of the 10 AWS Identity and Access Management (IAM) users that have generated the most findings. This widget helps you perform administrative and billing tasks. It shows you which users contribute to Security Hub CSPM usage the most.
@@ -95 +129 @@ Shows a graph of the 10 accounts that have generated the most findings, grouped
-Lists five [Security Hub managed insights](./securityhub-managed-insights.html) and the number of findings that they generated. Insights identify a specific security area that requires attention.
+Lists five [Security Hub CSPM managed insights](./securityhub-managed-insights.html) and the number of findings that they generated. Insights identify a specific security area that requires attention.
@@ -100 +134 @@ Lists five [Security Hub managed insights](./securityhub-managed-insights.html)
-Shows the number of findings that you received in Security Hub from [integrated AWS services](./securityhub-internal-providers.html). It also shows when you most recently received findings from each integrated service. This widget provides consolidated findings data from multiple AWS services. To drill down, choose an integrated service. Security Hub then opens the console for that service.
+Shows the number of findings that you received in Security Hub CSPM from [integrated AWS services](./securityhub-internal-providers.html). It also shows when you most recently received findings from each integrated service. This widget provides consolidated findings data from multiple AWS services. To drill down, choose an integrated service. Security Hub CSPM then opens the console for that service.