AWS securityhub documentation change
Summary
Added documentation for suppressing coverage findings and updated coverage findings description
Security assessment
The change adds documentation about suppressing coverage findings, which is a security feature allowing users to manage visibility of security gaps. While this relates to security practices, there is no evidence of addressing a specific vulnerability or incident.
Diff
diff --git a/securityhub/latest/userguide/coverage-findings.md b/securityhub/latest/userguide/coverage-findings.md index 3f6e0ed83..fd9e7f889 100644 --- a//securityhub/latest/userguide/coverage-findings.md +++ b//securityhub/latest/userguide/coverage-findings.md @@ -5 +5 @@ -Coverage findings for AWS Security Hub CSPMCoverage findings for Amazon GuardDutyCoverage findings for Amazon InspectorCoverage findings for Amazon Macie +Coverage findings for AWS Security Hub CSPMCoverage findings for Amazon GuardDutyCoverage findings for Amazon InspectorCoverage findings for Amazon MacieSuppressing coverage findings @@ -13 +13 @@ Security Hub is in preview release and is subject to change. -Coverage findings for Security Hub provide visibility into which AWS security features are enabled and where there might be gaps in coverage in a standalone account or across an organization's member accounts. Enabling additional security features will enhance the detection capabilities of Security Hub. Coverage Findings evaluate what GuardDuty, Amazon Inspector, Macie, and Security Hub CSPM features are enabled for an account. These findings appear in the Security Coverage widget on the Security Hub dashboard with the ability to drill down into more detailed views by specific security capability. For the delegated administrator, this widget shows coverage breakdown across all Security Hub enabled member accounts. +Coverage findings for Security Hub provide visibility into which AWS security features are enabled and where there might be gaps in coverage in a standalone account or across an organization's member accounts. Coverage Findings currently support reporting which services and features are enabled for Amazon GuardDuty, Amazon Inspector, Amazon Macie, and AWS Security Hub CSPM. These findings appear in the Security Coverage widget on the Security Hub dashboard with the ability to drill down into more detailed views by specific security capability. @@ -19 +19 @@ Coverage findings for Security Hub provide visibility into which AWS security fe - * Coverage information is not shown for accounts not onboarded to Security Hub + * Coverage information is not shown for accounts not onboarded to Security Hub. @@ -82,0 +83,19 @@ It can take up to 24 hours for updates to Macie automated sensitive data discove +## Suppressing coverage findings + +By default, security coverage findings evaluate which Amazon GuardDuty, Amazon Inspector, Amazon Macie, and AWS Security Hub CSPM features are enabled for an account and Region. If certain security capabilities are not applicable for you or are an accepted risk, you can use the suppression feature to suppress coverage findings similar to all other findings. When a coverage finding is suppressed it will not be included in the coverage calculations within security coverage widget and the widget will display a message of _Coverage for security capabilities has been excluded through suppressed coverage findings_ followed by a count of how many findings have been suppressed. + +###### To suppress a coverage finding in Security Hub + + 1. When viewing the security coverage widget choose the **percent covered** link. + + 2. From the coverage popup choose **View coverage findings**. Each finding with a status of **New** will be a finding that outlines an observed coverage gap. + + 3. Click the checkbox next to each finding that you would like to suppress. + + 4. At the top of the page, choose **Update status** , and then choose **Suppressed**. + + 5. In the **Set status to Suppressed** dialog box, optionally enter a note that details the reason for changing the status. Then choose **Set status**. + + + +