AWS securityhub documentation change
Summary
Updated documentation to consistently reference 'Security Hub CSPM' instead of generic 'Security Hub' terminology throughout the file, including API references and CloudTrail integration details
Security assessment
The changes focus on documenting Cloud Security Posture Management (CSPM) features within Security Hub, which is a security-focused capability. However, there is no evidence of addressing a specific vulnerability or security incident - this appears to be documentation refinement for a security feature rather than a security fix.
Diff
diff --git a/securityhub/latest/userguide/securityhub-ct.md b/securityhub/latest/userguide/securityhub-ct.md index 97531ffbd..ebcb6cd0e 100644 --- a//securityhub/latest/userguide/securityhub-ct.md +++ b//securityhub/latest/userguide/securityhub-ct.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html) +[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html) @@ -5 +5 @@ -Security Hub information in CloudTrailExample: Security Hub log file entries +Security Hub CSPM information in CloudTrailExample: Security Hub CSPM log file entries @@ -7 +7 @@ Security Hub information in CloudTrailExample: Security Hub log file entries -# Logging Security Hub API calls with CloudTrail +# Logging Security Hub CSPM API calls with CloudTrail @@ -9 +9 @@ Security Hub information in CloudTrailExample: Security Hub log file entries -AWS Security Hub is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Security Hub. CloudTrail captures API calls for Security Hub as events. The captured calls include calls from the Security Hub console and code calls to the Security Hub API operations. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Security Hub. If you don't configure a trail, you can still view the most recent events on the CloudTrail console in **Event history**. Using the information that CloudTrail collects, you can determine the request that was made to Security Hub, the IP address that the request was made from, who made the request, when it was made, and additional details. +AWS Security Hub Cloud Security Posture Management (CSPM) is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Security Hub CSPM. CloudTrail captures API calls for Security Hub CSPM as events. The captured calls include calls from the Security Hub CSPM console and code calls to the Security Hub CSPM API operations. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Security Hub CSPM. If you don't configure a trail, you can still view the most recent events on the CloudTrail console in **Event history**. Using the information that CloudTrail collects, you can determine the request that was made to Security Hub CSPM, the IP address that the request was made from, who made the request, when it was made, and additional details. @@ -13 +13 @@ To learn more about CloudTrail, including how to configure and enable it, see th -## Security Hub information in CloudTrail +## Security Hub CSPM information in CloudTrail @@ -15 +15 @@ To learn more about CloudTrail, including how to configure and enable it, see th -CloudTrail is enabled on your AWS account when you create the account. When supported event activity occurs in Security Hub, that activity is recorded in a CloudTrail event along with other AWS service events in **Event history**. You can view, search, and download recent events in your account. For more information, see [Viewing events with CloudTrail event history](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html). +CloudTrail is enabled on your AWS account when you create the account. When supported event activity occurs in Security Hub CSPM, that activity is recorded in a CloudTrail event along with other AWS service events in **Event history**. You can view, search, and download recent events in your account. For more information, see [Viewing events with CloudTrail event history](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html). @@ -17 +17 @@ CloudTrail is enabled on your AWS account when you create the account. When supp -For an ongoing record of events in your account, including events for Security Hub, create a trail. A _trail_ enables CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail on the console, the trail applies to all AWS Regions. The trail logs events from all Regions in the AWS partition and delivers the log files to the Amazon S3 bucket that you specify. Additionally, you can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following: +For an ongoing record of events in your account, including events for Security Hub CSPM, create a trail. A _trail_ enables CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail on the console, the trail applies to all AWS Regions. The trail logs events from all Regions in the AWS partition and delivers the log files to the Amazon S3 bucket that you specify. Additionally, you can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following: @@ -30 +30 @@ For an ongoing record of events in your account, including events for Security H -Security Hub supports logging all of the Security Hub API actions as events in CloudTrail logs. To view a list of Security Hub operations, see the [Security Hub API Reference](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html). +Security Hub CSPM supports logging all of the Security Hub CSPM API actions as events in CloudTrail logs. To view a list of Security Hub CSPM operations, see the [Security Hub CSPM API Reference](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html). @@ -60 +60 @@ For more information, see the [CloudTrail userIdentity element](https://docs.aws -## Example: Security Hub log file entries +## Example: Security Hub CSPM log file entries @@ -64 +64 @@ A trail is a configuration that enables delivery of events as log files to an Am -The following example shows a CloudTrail log entry that demonstrates the `CreateInsight` action. In this example, an insight called `Test Insight` is created. The `ResourceId` attribute is specified as the **Group by** aggregator, and no optional filters for this insight are specified. For more information about insights, see [Viewing insights in Security Hub](./securityhub-insights.html). +The following example shows a CloudTrail log entry that demonstrates the `CreateInsight` action. In this example, an insight called `Test Insight` is created. The `ResourceId` attribute is specified as the **Group by** aggregator, and no optional filters for this insight are specified. For more information about insights, see [Viewing insights in Security Hub CSPM](./securityhub-insights.html).