AWS securityhub documentation change
Summary
Updated product references from 'Security Hub' to 'Security Hub CSPM' throughout the document, including API and console references. Added Cloud Security Posture Management (CSPM) terminology and updated links.
Security assessment
The changes primarily involve rebranding/renaming updates to include 'CSPM' (Cloud Security Posture Management) terminology. No specific security vulnerabilities, mitigations, or new security features are documented. The updates appear to clarify product positioning rather than address security issues or introduce new security capabilities.
Diff
diff --git a/securityhub/latest/userguide/securityhub-findings.md b/securityhub/latest/userguide/securityhub-findings.md index 0976baef4..86a66778c 100644 --- a//securityhub/latest/userguide/securityhub-findings.md +++ b//securityhub/latest/userguide/securityhub-findings.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html) +[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html) @@ -5 +5 @@ -# Creating and updating findings in Security Hub +# Creating and updating findings in Security Hub CSPM @@ -7 +7 @@ -In AWS Security Hub, a finding is an observable record of a security check or security-related detection. +In AWS Security Hub Cloud Security Posture Management (CSPM), a _finding_ is an observable record of a security check or security-related detection. @@ -9 +9 @@ In AWS Security Hub, a finding is an observable record of a security check or se -A finding can originate from one of the following sources in Security Hub: +A finding can originate from one of the following sources in Security Hub CSPM: @@ -11 +11 @@ A finding can originate from one of the following sources in Security Hub: - * Security check of an enabled control in Security Hub + * Security check of an enabled control in Security Hub CSPM @@ -22 +22 @@ A finding can originate from one of the following sources in Security Hub: -After a finding is created, the finding provider or a Security Hub user can update it as follows: +After a finding is created, the finding provider or a Security Hub CSPM user can update it as follows: @@ -24 +24 @@ After a finding is created, the finding provider or a Security Hub user can upda - * The finding provider can use the [BatchImportFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) operation of the Security Hub API to update the general information about a finding. Finding providers can only update findings that they created. + * The finding provider can use the [BatchImportFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) operation of the Security Hub CSPM API to update the general information about a finding. Finding providers can only update findings that they created. @@ -26 +26 @@ After a finding is created, the finding provider or a Security Hub user can upda - * The customer can use the [BatchUpdateFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation of the Security Hub API to update the status of the investigation into a finding. `BatchUpdateFindings` can also be used by a ticketing, incident management, orchestration, remediation, or SIEM tool on behalf of the customer. + * The customer can use the [BatchUpdateFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation of the Security Hub CSPM API to update the status of the investigation into a finding. `BatchUpdateFindings` can also be used by a ticketing, incident management, orchestration, remediation, or SIEM tool on behalf of the customer. @@ -28 +28 @@ After a finding is created, the finding provider or a Security Hub user can upda -Customers can also update findings on the Security Hub console. +Customers can also update findings on the Security Hub CSPM console. @@ -33 +33 @@ Customers can also update findings on the Security Hub console. -Security Hub normalizes findings from all sources into a standard syntax and format called the AWS Security Finding Format (ASFF). For more information about ASFF, see [AWS Security Finding Format (ASFF)](./securityhub-findings-format.html). +Security Hub CSPM normalizes findings from all sources into a standard syntax and format called the AWS Security Finding Format (ASFF). For more information about ASFF, see [AWS Security Finding Format (ASFF)](./securityhub-findings-format.html). @@ -35 +35 @@ Security Hub normalizes findings from all sources into a standard syntax and for -Security Hub automatically deletes findings that weren't updated in the past 90 days. Specifically, Security Hub retains an existing finding in an account for 90 days after the most recent value of the `UpdatedAt` ASFF field. The finding is retained for 90 days after this date even if Security Hub is disabled. At the end of this 90 day period, Security Hub permanently deletes the finding from the account. Finding providers can change the value of the `UpdatedAt` field by using the [BatchImportFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) operation of the Security Hub API to update a finding. +Security Hub CSPM automatically deletes findings that weren't updated in the past 90 days. Specifically, Security Hub CSPM retains an existing finding in an account for 90 days after the most recent value of the `UpdatedAt` ASFF field. The finding is retained for 90 days after this date even if Security Hub CSPM is disabled. At the end of this 90 day period, Security Hub CSPM permanently deletes the finding from the account. Finding providers can change the value of the `UpdatedAt` field by using the [BatchImportFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) operation of the Security Hub CSPM API to update a finding. @@ -37 +37 @@ Security Hub automatically deletes findings that weren't updated in the past 90 -If you enable cross-Region aggregation, then Security Hub automatically aggregates new and updated findings from the linked Regions to the aggregation Region. For more information, see [Understanding cross-Region aggregation in Security Hub](./finding-aggregation.html). +If you enable cross-Region aggregation, then Security Hub CSPM automatically aggregates new and updated findings from the linked Regions to the aggregation Region. For more information, see [Understanding cross-Region aggregation in Security Hub CSPM](./finding-aggregation.html).