AWS securityhub documentation change
Summary
Updated dashboard documentation with revised widget names, added resource summary widget details, clarified security coverage statuses, and expanded threat summary requirements
Security assessment
Changes clarify security monitoring capabilities (exposure/threat detection, coverage checks) and explicitly document GuardDuty integration requirements for threat data. While security-related features are described, there's no evidence of addressing a specific vulnerability.
Diff
diff --git a/securityhub/latest/userguide/dashboard-v2.md b/securityhub/latest/userguide/dashboard-v2.md index 6cecbddd6..1a8d3d8a6 100644 --- a//securityhub/latest/userguide/dashboard-v2.md +++ b//securityhub/latest/userguide/dashboard-v2.md @@ -5 +5 @@ -The exposure summary widget The threat summary widget The security coverage widget +Exposure summary widget Resource summary widget Security coverage widget Threat summary widget @@ -13 +13 @@ Security Hub is in preview release and is subject to change. -This topic describes the **Summary** dashboard in the Security Hub console. This page shows an overview of your exposures, threats, top resources, and security service coverage across multiple security widgets. These widgets help you visualize exposures and threats by severity and account by security capability. Every time you open this page, data automatically refreshes. +The **Summary** dashboard in the Security Hub console shows an overview of your exposures, resources, threats, and security coverage across multiple security widgets. Data automatically refreshes every time you open the **Summary** dashboard. @@ -15 +15,3 @@ This topic describes the **Summary** dashboard in the Security Hub console. This -You can customize this page by adding and removing different security widgets and setting filter criteria to retrieve specific data in each widget. Customizations to this page are saved for future use. If your account is the delegated administrator account for an organization, customizations are saved independently from member account customizations. +You can customize this page by adding and removing different security widgets and setting filter criteria to retrieve specific data in each widget. Customizations are saved for future use. If your account is the delegated administrator account for an organization, customizations are saved independently from customizations in member accounts. + +If your account is the delegated administrator account for an organization, data includes findings for your account and member accounts. If your account is a member account or a standalone account, data only includes findings for your account. If you configure cross-Region aggregation in Security Hub, the **Summary** dashboard shows findings in your aggregation. @@ -21,3 +23 @@ We recommend that you do not include confidential, sensitive, or personally iden -If your account is the delegated administrator account for an organization, the data includes findings for your account and member accounts. If your account is a member account or a standalone account, the data only includes findings for your account. If you configure cross-Region aggregation in Security Hub, this page shows findings from your aggregation. - -## The exposure summary widget +## Exposure summary widget @@ -25 +25 @@ If your account is the delegated administrator account for an organization, the -This widget shows all of your exposures by severity. You can see the frequency of each exposure in your environment. Exposures with greater severity appear first. Exposures are based on an analysis of findings and traits from Security Hub and other AWS services, such as Amazon Inspector. The list of exposures in this widget is limited to the eight highest exposures with the greatest number of critical findings. If two or more exposures have an equal number of critical findings, the list automatically groups those findings behind more recent critical findings. +This widget shows all of your exposures by severity. An exposure is based on an analysis of findings and traits from Security Hub and other AWS security services, such as Amazon Inspector. You can review the frequency of each exposure in your environment. Exposures with greater severity appear first. The list of exposures in this widget is limited to the eight highest exposures with the greatest number of critical findings. If two or more exposures have an equal number of critical findings, the list automatically groups those findings behind more recent critical findings. @@ -27 +27 @@ This widget shows all of your exposures by severity. You can see the frequency o -## The threat summary widget +## Resource summary widget @@ -29 +29 @@ This widget shows all of your exposures by severity. You can see the frequency o -This widget shows all of your threats by severity. Threats with greater severity appear first. Threats are related to a series of events and identify potential threats in your environment. They also originate in GuardDuty. The list of threats in this widget is limited to the eight threats with the highest severity. If two or more threats are of equal severity, the list automatically groups those findings behind more recent findings. You must enable GuardDuty to receive data in this widget. +This widget shows all of your resources by type and includes the number of findings associated with them. Resources are prioritized by exposures and attack sequences. @@ -31 +31 @@ This widget shows all of your threats by severity. Threats with greater severity -## The security coverage widget +## Security coverage widget @@ -33 +33 @@ This widget shows all of your threats by severity. Threats with greater severity -This widget shows an overview of your security coverage and is based on coverage findings for supported services. It displays which coverage checks passed, failed, or are not available. Not available indicates the coverage check is unable to be completed. This can be caused by a deleted resource or a failing server. +This widget shows an overview of your security coverage and is based on coverage findings for supported AWS security services. It displays which coverage checks **Covered** , **Not covered** , or are **Not available**. **Covered** indicates the coverage check passed. **Not covered** indicates the coverage check failed. **Not available** indicates the coverage check is unable to be completed. This can be caused by a deleted resource or a failing server. @@ -35 +35 @@ This widget shows an overview of your security coverage and is based on coverage -Percentages for coverage checks point to the number of checks that passed and failed. For instance, one coverage check passes, and one coverage check fails. This indicates 50% of your checks passed, and 50% of your checks failed. In some cases, percentages are rounded to the nearest whole number. +Percentages for coverage checks point to the number of checks that passed and failed. For example, one coverage check passes, and one coverage check fails. This indicates 50% of your checks passed, and 50% of your checks failed. In some cases, percentages are rounded to the nearest whole number. @@ -37 +37 @@ Percentages for coverage checks point to the number of checks that passed and fa -Unlike security services such as GuardDuty, Amazon Inspector, and Macie, Security Hub CSPM publishes one coverage finding per account, which is PASS/FAIL depending on the enabled standards, such as PASS if at least 1 standard is enabled. Coverage percentages for Security Hub CSPM are the number of Security Hub CSPM coverage findings that passed to the total number of Security Hub CSPM coverage findings. +Unlike AWS security services such as GuardDuty, Amazon Inspector, and Macie, Security Hub CSPM publishes one coverage finding per account, which is `PASS`/`FAIL` depending on the enabled standards, such as `PASS` if at least 1 standard is enabled. Coverage percentages for Security Hub CSPM are the number of Security Hub CSPM coverage findings that passed to the total number of Security Hub CSPM coverage findings. @@ -42,0 +43,8 @@ We recommend that you do not include confidential, sensitive, or personally iden +## Threat summary widget + +This widget shows all of your threats by severity. A threat refers to malicious activity or suspicious activity that can potentially compromise the security of your environment. You can review the frequency of each threat in your environment. Threats with greater severity appear first. The list of threats in this widget is limited to the eight threats with the highest severity. If two or more threats are of equal severity, the list automatically groups those findings behind more recent findings. + +###### Note + +You must enable GuardDuty to receive threat data in this widget. For more information, see [Getting started with Amazon GuardDuty](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html). + @@ -49 +57 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Viewing a ticket for a ServiceNow ITSM integration +Recommendations