AWS securityhub documentation change
Summary
Expanded sources for Misconfiguration and Reachability traits to include Amazon GuardDuty findings. Updated Vulnerability trait description to include EC2 Malware findings.
Security assessment
While the changes enhance documentation of security monitoring capabilities by integrating GuardDuty findings, there's no evidence they address specific vulnerabilities. The updates improve awareness of security features rather than patching issues.
Diff
diff --git a/securityhub/latest/userguide/exposure-findings-supported-traits.md b/securityhub/latest/userguide/exposure-findings-supported-traits.md index 7811b0ca3..feefd38fd 100644 --- a//securityhub/latest/userguide/exposure-findings-supported-traits.md +++ b//securityhub/latest/userguide/exposure-findings-supported-traits.md @@ -16,2 +16,2 @@ Assumability | Indicates a resource with vended AWS Identity and Access Manage -Misconfiguration | Indicates a misconfigured resource | Security Hub CSPM control findings | All resource types -Reachability | Indicates open network paths to a resource | Security Hub CSPM control findings and Amazon Inspector network reachability findings | Amazon EC2 instances +Misconfiguration | Indicates a misconfigured resource | AWS Security Hub CSPM control findings, Amazon GuardDuty threat findings, and information about resource confirmation in AWS Config. | All resource types +Reachability | Indicates open network paths to a resource | AWS Security Hub CSPM control findings, Amazon GuardDuty threat findings, and Amazon Inspector network reachability findings. | Amazon EC2 instances, Amazon EKS clusters, Lambda functions, and Amazon S3 buckets @@ -19 +19 @@ Sensitive Data | Indicates that a resource contains sensitive data | Macie s -Vulnerability | Indicates that a resource is exposed to Common Vulnerabilities and Exposure (CVEs) | Amazon Inspector package vulnerability findings | Amazon EC2 instances, Amazon ECS services, Amazon EKS clusters, and Lambda functions +Vulnerability | Indicates that a resource has a weakness which could be exploited by a threat source. | Amazon Inspector package vulnerability findings and Amazon GuardDuty Amazon EC2 Malware findings. | Amazon EC2 instances, Amazon ECS services, Amazon EKS clusters, and Lambda functions