AWS securityhub documentation change
Summary
Updated terminology and references from 'Security Hub' to 'Security Hub CSPM' throughout the document, emphasizing Cloud Security Posture Management (CSPM) integration. Added CSPM-specific context to concepts like accounts, findings, controls, and aggregation.
Security assessment
The changes introduce CSPM terminology and clarify security posture management features, but there is no evidence of addressing a specific security vulnerability. The updates enhance documentation about existing security features rather than patching issues.
Diff
diff --git a/securityhub/latest/userguide/securityhub-concepts.md b/securityhub/latest/userguide/securityhub-concepts.md index 610c8000f..07016786f 100644 --- a//securityhub/latest/userguide/securityhub-concepts.md +++ b//securityhub/latest/userguide/securityhub-concepts.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html) +[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html) @@ -5 +5 @@ -# Security Hub concepts +# Concepts and terminology in Security Hub CSPM @@ -7 +7 @@ -This topic describes the key concepts and terminology in AWS Security Hub to help you get started with the service. +In AWS Security Hub Cloud Security Posture Management (CSPM), we build on common AWS concepts and terminology and use these additional terms. @@ -12 +12 @@ This topic describes the key concepts and terminology in AWS Security Hub to hel -A standard Amazon Web Services (AWS) account that contains your AWS resources. You can sign in to AWS with your account and enable Security Hub. +A standard Amazon Web Services (AWS) account that contains your AWS resources. You can sign in to AWS with your account and enable Security Hub CSPM. @@ -14 +14 @@ A standard Amazon Web Services (AWS) account that contains your AWS resources. Y -An account can invite other accounts to enable Security Hub and become associated with that account in Security Hub. Accepting a membership invitation is optional. If the invitations are accepted, the account becomes an administrator account, and the added accounts are member accounts. Administrator accounts can view findings in their member accounts. +An account can invite other accounts to enable Security Hub CSPM and become associated with that account in Security Hub CSPM. Accepting a membership invitation is optional. If the invitations are accepted, the account becomes an administrator account, and the added accounts are member accounts. Administrator accounts can view findings in their member accounts. @@ -16 +16 @@ An account can invite other accounts to enable Security Hub and become associate -If you are enrolled in AWS Organizations, then your organization designates a Security Hub administrator account for the organization. The Security Hub administrator account can enable other organization accounts as member accounts. +If you are enrolled in AWS Organizations, then your organization designates a Security Hub CSPM administrator account for the organization. The Security Hub CSPM administrator account can enable other organization accounts as member accounts. @@ -20 +20 @@ An account cannot be both an administrator account and a member account at the s -For more information, see [Managing administrator and member accounts in Security Hub](./securityhub-accounts.html). +For more information, see [Managing administrator and member accounts in Security Hub CSPM](./securityhub-accounts.html). @@ -25 +25 @@ For more information, see [Managing administrator and member accounts in Securit -An account in Security Hub that is granted access to view findings for associated member accounts. +An account in Security Hub CSPM that is granted access to view findings for associated member accounts. @@ -29 +29 @@ An account becomes an administrator account in one of the following ways: - * The account invites other accounts to become associated with it in Security Hub. When those accounts accept the invitation, they become member accounts, and the inviting account becomes their administrator account. + * The account invites other accounts to become associated with it in Security Hub CSPM. When those accounts accept the invitation, they become member accounts, and the inviting account becomes their administrator account. @@ -31 +31 @@ An account becomes an administrator account in one of the following ways: - * The account is designated by an organization management account as the Security Hub administrator account. The Security Hub administrator account can enable any organization account as a member account, and can also invite other accounts to be member accounts. + * The account is designated by an organization management account as the Security Hub CSPM administrator account. The Security Hub CSPM administrator account can enable any organization account as a member account, and can also invite other accounts to be member accounts. @@ -47 +47 @@ In the aggregation Region, the **Security standards** , **Insights** , and **Fin -See [Understanding cross-Region aggregation in Security Hub](./finding-aggregation.html). +See [Understanding cross-Region aggregation in Security Hub CSPM](./finding-aggregation.html). @@ -54 +54 @@ A finding that has a `RecordState` set to `ARCHIVED`. Archiving a finding indica -Finding providers can use the [`BatchImportFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) operation of the Security Hub API to archive findings that they created. Security Hub automatically archives findings for controls if the control is disabled or the associated resource is deleted, based on one of the following criteria. +Finding providers can use the [`BatchImportFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) operation of the Security Hub CSPM API to archive findings that they created. Security Hub CSPM automatically archives findings for controls if the control is disabled or the associated resource is deleted, based on one of the following criteria. @@ -63 +63 @@ Finding providers can use the [`BatchImportFindings`](https://docs.aws.amazon.co -By default, archived findings are excluded from findings lists in the Security Hub console. You can update the filter to include archived findings. +By default, archived findings are excluded from findings lists in the Security Hub CSPM console. You can update the filter to include archived findings. @@ -65 +65 @@ By default, archived findings are excluded from findings lists in the Security H -The [`GetFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) operation of the Security Hub API returns both active and archived findings. You can include a filter for the record state. +The [`GetFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) operation of the Security Hub CSPM API returns both active and archived findings. You can include a filter for the record state. @@ -78 +78 @@ The [`GetFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API -A standardized format for the contents of findings that Security Hub aggregates or generates. The AWS Security Finding Format enables you to use Security Hub to view and analyze findings that are generated by AWS security services, third-party solutions, or Security Hub itself from running security checks. For more information, see [AWS Security Finding Format (ASFF)](./securityhub-findings-format.html). +A standardized format for the contents of findings that Security Hub CSPM aggregates or generates. The AWS Security Finding Format enables you to use Security Hub CSPM to view and analyze findings that are generated by AWS security services, third-party solutions, or Security Hub CSPM itself from running security checks. For more information, see [AWS Security Finding Format (ASFF)](./securityhub-findings-format.html). @@ -85 +85 @@ A safeguard or countermeasure prescribed for an information system or an organiz -The term _security control_ refers to controls that have a single control ID and title across standards. The term _standard control_ refers to controls that have standard-specific control IDs and titles. Currently, Security Hub only supports standard controls in the AWS GovCloud (US) Region and China Regions. Security controls are supported in all other Regions. +The term _security control_ refers to controls that have a single control ID and title across standards. The term _standard control_ refers to controls that have standard-specific control IDs and titles. Currently, Security Hub CSPM only supports standard controls in the AWS GovCloud (US) Region and China Regions. Security controls are supported in all other Regions. @@ -90 +90 @@ The term _security control_ refers to controls that have a single control ID and -A Security Hub mechanism for sending selected findings to EventBridge. A custom action is created in Security Hub. It is then linked to an EventBridge rule. The rule defines a specific action to take when a finding is received that is associated with the custom action ID. Custom actions can be used, for example, to send a specific finding, or a small set of findings, to a response or remediation workflow. For more information, see [Creating a custom action](./securityhub-cwe-configure.html). +A Security Hub CSPM mechanism for sending selected findings to EventBridge. A custom action is created in Security Hub CSPM. It is then linked to an EventBridge rule. The rule defines a specific action to take when a finding is received that is associated with the custom action ID. Custom actions can be used, for example, to send a specific finding, or a small set of findings, to a response or remediation workflow. For more information, see [Creating a custom action](./securityhub-cwe-configure.html). @@ -97 +97 @@ In Organizations, the delegated administrator account for a service is able to m -In Security Hub, the Security Hub administrator account is also the delegated administrator account for Security Hub. When the organization management account first designates a Security Hub administrator account, Security Hub calls Organizations to make that account the delegated administrator account. +In Security Hub CSPM, the Security Hub CSPM administrator account is also the delegated administrator account for Security Hub CSPM. When the organization management account first designates a Security Hub CSPM administrator account, Security Hub CSPM calls Organizations to make that account the delegated administrator account. @@ -99 +99 @@ In Security Hub, the Security Hub administrator account is also the delegated ad -The organization management account must then choose the delegated administrator account as the Security Hub administrator account in all Regions. +The organization management account must then choose the delegated administrator account as the Security Hub CSPM administrator account in all Regions. @@ -104 +104 @@ The organization management account must then choose the delegated administrator -The observable record of a security check or security-related detection. Security Hub generates a finding after completing a security check of a control. These are called control findings. Findings may also come from third party product integrations. +The observable record of a security check or security-related detection. Security Hub CSPM generates a finding after completing a security check of a control. These are called control findings. Findings may also come from third party product integrations. @@ -106 +106 @@ The observable record of a security check or security-related detection. Securit -For more information about findings in Security Hub, see [Creating and updating findings in Security Hub](./securityhub-findings.html). +For more information about findings in Security Hub CSPM, see [Creating and updating findings in Security Hub CSPM](./securityhub-findings.html). @@ -117 +117 @@ The aggregation of findings, insights, control compliance statuses, and security -See [Understanding cross-Region aggregation in Security Hub](./finding-aggregation.html). +See [Understanding cross-Region aggregation in Security Hub CSPM](./finding-aggregation.html). @@ -122 +122 @@ See [Understanding cross-Region aggregation in Security Hub](./finding-aggregati -The import of findings into Security Hub from other AWS services and from third-party partner providers. +The import of findings into Security Hub CSPM from other AWS services and from third-party partner providers. @@ -129 +129 @@ Finding ingestion events include both new findings and updates to existing findi -A collection of related findings defined by an aggregation statement and optional filters. An insight identifies a security area that requires attention and intervention. Security Hub offers several managed (default) insights that you can't modify. You can also create custom Security Hub insights to track security issues that are unique to your AWS environment and usage. For more information, see [Viewing insights in Security Hub](./securityhub-insights.html). +A collection of related findings defined by an aggregation statement and optional filters. An insight identifies a security area that requires attention and intervention. Security Hub CSPM offers several managed (default) insights that you can't modify. You can also create custom Security Hub CSPM insights to track security issues that are unique to your AWS environment and usage. For more information, see [Viewing insights in Security Hub CSPM](./securityhub-insights.html). @@ -138 +138 @@ In a linked Region, the **Findings** and **Insights** pages contain findings onl -See [Understanding cross-Region aggregation in Security Hub](./finding-aggregation.html). +See [Understanding cross-Region aggregation in Security Hub CSPM](./finding-aggregation.html). @@ -149 +149 @@ An account becomes a member account in one of the following ways: - * For an organization account, the Security Hub administrator account enables the account as a member account. + * For an organization account, the Security Hub CSPM administrator account enables the account as a member account. @@ -169 +169 @@ A specific point-in-time evaluation of a rule against a single resource resultin -**Security Hub administrator account** +**Security Hub CSPM administrator account** @@ -172 +172 @@ A specific point-in-time evaluation of a rule against a single resource resultin -An organization account that manages Security Hub membership for an organization. +An organization account that manages Security Hub CSPM membership for an organization. @@ -174 +174 @@ An organization account that manages Security Hub membership for an organization -The organization management account designates the Security Hub administrator account in each Region. The organization management account must choose the same Security Hub administrator account in all Regions. +The organization management account designates the Security Hub CSPM administrator account in each Region. The organization management account must choose the same Security Hub CSPM administrator account in all Regions. @@ -176 +176 @@ The organization management account designates the Security Hub administrator ac -The Security Hub administrator account is also the delegated administrator account for Security Hub in Organizations. +The Security Hub CSPM administrator account is also the delegated administrator account for Security Hub CSPM in Organizations. @@ -178 +178 @@ The Security Hub administrator account is also the delegated administrator accou -The Security Hub administrator account can enable any organization account as a member account. The Security Hub administrator account can also invite other accounts to be member accounts. +The Security Hub CSPM administrator account can enable any organization account as a member account. The Security Hub CSPM administrator account can also invite other accounts to be member accounts. @@ -183 +183 @@ The Security Hub administrator account can enable any organization account as a -A published statement on a topic specifying the characteristics, usually measurable and in the form of controls, that must be satisfied or achieved for compliance. Security standards can be based on regulatory frameworks, best practices, or internal company policies. A control may be associated with one or more supported standards in Security Hub. To learn more about security standards in Security Hub, see [Understanding security standards in Security Hub](./standards-view-manage.html). +A published statement on a topic specifying the characteristics, usually measurable and in the form of controls, that must be satisfied or achieved for compliance. Security standards can be based on regulatory frameworks, best practices, or internal company policies. A control may be associated with one or more supported standards in Security Hub CSPM. To learn more about security standards in Security Hub CSPM, see [Understanding security standards in Security Hub CSPM](./standards-view-manage.html). @@ -188 +188 @@ A published statement on a topic specifying the characteristics, usually measura -The severity assigned to a Security Hub control identifies the importance of the control. The severity of a control can be **Critical** , **High** , **Medium** , **Low** , or **Informational**. The severity assigned to control findings is equal to the severity of the control itself. To learn about how Security Hub assigns severity to a control, see [Severity level of control findings](./controls-findings-create-update.html#control-findings-severity). +The severity assigned to a Security Hub CSPM control identifies the importance of the control. The severity of a control can be **Critical** , **High** , **Medium** , **Low** , or **Informational**. The severity assigned to control findings is equal to the severity of the control itself. To learn about how Security Hub CSPM assigns severity to a control, see [Severity level of control findings](./controls-findings-create-update.html#control-findings-severity). @@ -209 +209 @@ For the [`GetFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference -The Security Hub console provides an option to set the workflow status for findings. Customers (or SIEM, ticketing, incident management, or SOAR tools working on behalf of a customer to update findings from finding providers) can also use [`BatchUpdateFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) to update the workflow status. +The Security Hub CSPM console provides an option to set the workflow status for findings. Customers (or SIEM, ticketing, incident management, or SOAR tools working on behalf of a customer to update findings from finding providers) can also use [`BatchUpdateFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) to update the workflow status. @@ -217 +217 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -What is AWS Security Hub? +What is AWS Security Hub CSPM? @@ -219 +219 @@ What is AWS Security Hub? -Enabling Security Hub +Enabling Security Hub CSPM