AWS iot-device-defender documentation change
Summary
Updated all references from 'Security Hub' to 'Security Hub CSPM' to reflect integration with Cloud Security Posture Management (CSPM) module. Modified section headers, links, console references, and documentation terminology.
Security assessment
The changes rebrand general Security Hub references to Security Hub CSPM but do not address vulnerabilities, weaknesses, or incident responses. This appears to be a documentation clarification about which Security Hub component is integrated, rather than a security fix or new security feature introduction.
Diff
diff --git a/iot-device-defender/latest/devguide/securityhub-integration.md b/iot-device-defender/latest/devguide/securityhub-integration.md index 6aeb61dca..8caba0e52 100644 --- a//iot-device-defender/latest/devguide/securityhub-integration.md +++ b//iot-device-defender/latest/devguide/securityhub-integration.md @@ -5 +5 @@ -Enabling and configuring the integrationHow AWS IoT Device Defender sends findings to Security HubTypical finding from AWS IoT Device Defender Stopping AWS IoT Device Defender from sending findings to Security Hub +Enabling and configuring the integrationHow AWS IoT Device Defender sends findings to Security Hub CSPMTypical finding from AWS IoT Device Defender Stopping AWS IoT Device Defender from sending findings to Security Hub CSPM @@ -7 +7 @@ Enabling and configuring the integrationHow AWS IoT Device Defender sends findin -# Integration with AWS Security Hub +# Integration with AWS Security Hub CSPM @@ -9 +9 @@ Enabling and configuring the integrationHow AWS IoT Device Defender sends findin -[AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides you with a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices. Security Hub collects security data from across AWS accounts, services, and supported third-party products. You can use Security Hub to analyze your security trends and identify the highest priority security issues. +[AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides you with a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices. Security Hub CSPM collects security data from across AWS accounts, services, and supported third-party products. You can use Security Hub CSPM to analyze your security trends and identify the highest priority security issues. @@ -11 +11 @@ Enabling and configuring the integrationHow AWS IoT Device Defender sends findin -With the AWS IoT Device Defender integration with Security Hub, you can send findings from AWS IoT Device Defender to Security Hub. Security Hub includes those findings in its analysis of your security posture. +With the AWS IoT Device Defender integration with Security Hub CSPM, you can send findings from AWS IoT Device Defender to Security Hub CSPM. Security Hub CSPM includes those findings in its analysis of your security posture. @@ -17 +17 @@ With the AWS IoT Device Defender integration with Security Hub, you can send fin - * [How AWS IoT Device Defender sends findings to Security Hub](./securityhub-integration.html#securityhub-integration-sending-findings) + * [How AWS IoT Device Defender sends findings to Security Hub CSPM](./securityhub-integration.html#securityhub-integration-sending-findings) @@ -23 +23 @@ With the AWS IoT Device Defender integration with Security Hub, you can send fin - * [Retrying when Security Hub isn't available](./securityhub-integration.html#securityhub-integration-retry-send) + * [Retrying when Security Hub CSPM isn't available](./securityhub-integration.html#securityhub-integration-retry-send) @@ -25 +25 @@ With the AWS IoT Device Defender integration with Security Hub, you can send fin - * [Updating existing findings in Security Hub](./securityhub-integration.html#securityhub-integration-finding-updates) + * [Updating existing findings in Security Hub CSPM](./securityhub-integration.html#securityhub-integration-finding-updates) @@ -29 +29 @@ With the AWS IoT Device Defender integration with Security Hub, you can send fin - * [ Stopping AWS IoT Device Defender from sending findings to Security Hub](./securityhub-integration.html#securityhub-integration-disable) + * [ Stopping AWS IoT Device Defender from sending findings to Security Hub CSPM](./securityhub-integration.html#securityhub-integration-disable) @@ -36 +36 @@ With the AWS IoT Device Defender integration with Security Hub, you can send fin -Before you integrate AWS IoT Device Defender with Security Hub, you must first enable Security Hub. For information about how to enable Security Hub, see [Setting up Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html) in the _AWS Security Hub User Guide_. +Before you integrate AWS IoT Device Defender with Security Hub CSPM, you must first enable Security Hub CSPM. For information about how to enable Security Hub CSPM, see [Setting up Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html) in the _AWS Security Hub CSPM User Guide_. @@ -38 +38 @@ Before you integrate AWS IoT Device Defender with Security Hub, you must first e -After you enable both AWS IoT Device Defender and Security Hub, open the [Integrations page in the Security Hub console](https://console.aws.amazon.com//securityhub/home#/integrations), and then choose **Accept findings** for Audit, Detect, or both. AWS IoT Device Defender begins sending findings to Security Hub. +After you enable both AWS IoT Device Defender and Security Hub CSPM, open the [Integrations page in the Security Hub CSPM console](https://console.aws.amazon.com//securityhub/home#/integrations), and then choose **Accept findings** for Audit, Detect, or both. AWS IoT Device Defender begins sending findings to Security Hub CSPM. @@ -40 +40 @@ After you enable both AWS IoT Device Defender and Security Hub, open the [Integr -## How AWS IoT Device Defender sends findings to Security Hub +## How AWS IoT Device Defender sends findings to Security Hub CSPM @@ -42 +42 @@ After you enable both AWS IoT Device Defender and Security Hub, open the [Integr -In Security Hub, security issues are tracked as _findings_. Some findings come from issues that are detected by other AWS services or by third-party products. +In Security Hub CSPM, security issues are tracked as _findings_. Some findings come from issues that are detected by other AWS services or by third-party products. @@ -44 +44 @@ In Security Hub, security issues are tracked as _findings_. Some findings come f -Security Hub provides tools to manage findings from across all of these sources. You can view and filter lists of findings and view details for a finding. For more information, see [Viewing findings](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-viewing.html) in the _AWS Security Hub User Guide_. You can also track the status of an investigation into a finding. For more information, see [Taking action on findings](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-taking-action.html) in the _AWS Security Hub User Guide_. +Security Hub CSPM provides tools to manage findings from across all of these sources. You can view and filter lists of findings and view details for a finding. For more information, see [Viewing findings](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-viewing.html) in the _AWS Security Hub CSPM User Guide_. You can also track the status of an investigation into a finding. For more information, see [Taking action on findings](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-taking-action.html) in the _AWS Security Hub CSPM User Guide_. @@ -46 +46 @@ Security Hub provides tools to manage findings from across all of these sources. -All findings in Security Hub use a standard JSON format called the _AWS Security Finding Format (ASFF)_. The ASFF includes details about the source of the issue, the affected resources, and the current status of the finding. For more information about ASFF, see [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) in the _AWS Security Hub User Guide_. +All findings in Security Hub CSPM use a standard JSON format called the _AWS Security Finding Format (ASFF)_. The ASFF includes details about the source of the issue, the affected resources, and the current status of the finding. For more information about ASFF, see [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) in the _AWS Security Hub CSPM User Guide_. @@ -48 +48 @@ All findings in Security Hub use a standard JSON format called the _AWS Security -AWS IoT Device Defender is one of the AWS services that sends findings to Security Hub. +AWS IoT Device Defender is one of the AWS services that sends findings to Security Hub CSPM. @@ -52 +52 @@ AWS IoT Device Defender is one of the AWS services that sends findings to Securi -After you enable the Security Hub integration, AWS IoT Device Defender Audit sends the findings it generates (called _check summaries_) to Security Hub. Check summaries are general information for a specific audit check type and a specific audit task. For more information, see [Audit checks](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit-checks.html). +After you enable the Security Hub CSPM integration, AWS IoT Device Defender Audit sends the findings it generates (called _check summaries_) to Security Hub CSPM. Check summaries are general information for a specific audit check type and a specific audit task. For more information, see [Audit checks](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit-checks.html). @@ -54 +54 @@ After you enable the Security Hub integration, AWS IoT Device Defender Audit sen -AWS IoT Device Defender Audit sends finding updates to Security Hub for both Audit Check Summaries and Audit Findings in each Audit task. If all resources found in Audit Checks are compliant, or an Audit Task is canceled, Audit updates the Check Summaries in Security Hub to an ARCHIVED record state. If a resource was reported as non-compliant for an Audit Check, but was reported as compliant in the last Audit task, Audit changes it to compliant and also updates the finding in Security Hub to an ARCHIVED record state. +AWS IoT Device Defender Audit sends finding updates to Security Hub CSPM for both Audit Check Summaries and Audit Findings in each Audit task. If all resources found in Audit Checks are compliant, or an Audit Task is canceled, Audit updates the Check Summaries in Security Hub CSPM to an ARCHIVED record state. If a resource was reported as non-compliant for an Audit Check, but was reported as compliant in the last Audit task, Audit changes it to compliant and also updates the finding in Security Hub CSPM to an ARCHIVED record state. @@ -56 +56 @@ AWS IoT Device Defender Audit sends finding updates to Security Hub for both Aud -AWS IoT Device Defender Detect sends violation findings to Security Hub. These violation findings include machine learning (ML), statistical, and static behaviors. +AWS IoT Device Defender Detect sends violation findings to Security Hub CSPM. These violation findings include machine learning (ML), statistical, and static behaviors. @@ -58 +58 @@ AWS IoT Device Defender Detect sends violation findings to Security Hub. These v -To send the findings to Security Hub, AWS IoT Device Defender uses the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html). In ASFF, the `Types` field provides the finding type. Findings from AWS IoT Device Defender can have the following values for `Types`. +To send the findings to Security Hub CSPM, AWS IoT Device Defender uses the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html). In ASFF, the `Types` field provides the finding type. Findings from AWS IoT Device Defender can have the following values for `Types`. @@ -72 +72 @@ The finding type for all other Audit checks. -When AWS IoT Device Defender Audit creates a new finding, it's immediately sent to Security Hub after the audit task completes. The latency depends on the volume of the findings generated in the audit task. Security Hub typically receives the findings within one hour. +When AWS IoT Device Defender Audit creates a new finding, it's immediately sent to Security Hub CSPM after the audit task completes. The latency depends on the volume of the findings generated in the audit task. Security Hub CSPM typically receives the findings within one hour. @@ -74 +74 @@ When AWS IoT Device Defender Audit creates a new finding, it's immediately sent -AWS IoT Device Defender Detect sends findings for violations in near real time. After a violation goes into or out of alarm (meaning the alarm is created or deleted), the corresponding Security Hub finding is immediately created or archived. +AWS IoT Device Defender Detect sends findings for violations in near real time. After a violation goes into or out of alarm (meaning the alarm is created or deleted), the corresponding Security Hub CSPM finding is immediately created or archived. @@ -76 +76 @@ AWS IoT Device Defender Detect sends findings for violations in near real time. -### Retrying when Security Hub isn't available +### Retrying when Security Hub CSPM isn't available @@ -78 +78 @@ AWS IoT Device Defender Detect sends findings for violations in near real time. -If Security Hub isn't available, AWS IoT Device Defender Audit and AWS IoT Device Defender Detect retry sending the findings until they're received. +If Security Hub CSPM isn't available, AWS IoT Device Defender Audit and AWS IoT Device Defender Detect retry sending the findings until they're received. @@ -80 +80 @@ If Security Hub isn't available, AWS IoT Device Defender Audit and AWS IoT Devic -### Updating existing findings in Security Hub +### Updating existing findings in Security Hub CSPM @@ -82 +82 @@ If Security Hub isn't available, AWS IoT Device Defender Audit and AWS IoT Devic -After an AWS IoT Device Defender Audit finding is sent to Security Hub, you can identify it by checked resource identifier and audit check type. If a new audit finding is generated with a subsequent audit task for the same resource and audit check, AWS IoT Device Defender Audit sends updates to reflect additional observations of the finding activity to Security Hub. If no additional audit finding is generated with a subsequent audit task for the same resource and audit check, the resource changes to compliant with the audit check. AWS IoT Device Defender Audit then archives the findings in Security Hub. +After an AWS IoT Device Defender Audit finding is sent to Security Hub CSPM, you can identify it by checked resource identifier and audit check type. If a new audit finding is generated with a subsequent audit task for the same resource and audit check, AWS IoT Device Defender Audit sends updates to reflect additional observations of the finding activity to Security Hub CSPM. If no additional audit finding is generated with a subsequent audit task for the same resource and audit check, the resource changes to compliant with the audit check. AWS IoT Device Defender Audit then archives the findings in Security Hub CSPM. @@ -84 +84 @@ After an AWS IoT Device Defender Audit finding is sent to Security Hub, you can -AWS IoT Device Defender Audit also updates check summaries in Security Hub. If there are non-compliant resources found in an audit check or the check fails, the status of the Security Hub finding becomes active. Otherwise, AWS IoT Device Defender Audit archives the finding in Security Hub. +AWS IoT Device Defender Audit also updates check summaries in Security Hub CSPM. If there are non-compliant resources found in an audit check or the check fails, the status of the Security Hub CSPM finding becomes active. Otherwise, AWS IoT Device Defender Audit archives the finding in Security Hub CSPM. @@ -86 +86 @@ AWS IoT Device Defender Audit also updates check summaries in Security Hub. If t -AWS IoT Device Defender Detect creates a Security Hub finding when there's a violation (for example, in-alarm). That finding is updated only if one of the following criteria is met: +AWS IoT Device Defender Detect creates a Security Hub CSPM finding when there's a violation (for example, in-alarm). That finding is updated only if one of the following criteria is met: @@ -88 +88 @@ AWS IoT Device Defender Detect creates a Security Hub finding when there's a vio - * The finding is expiring soon in Security Hub so AWS IoT Device Defender sends an update to keep the finding current. Findings are deleted 90 days after the most recent update or 90 days after the creation date if no update occurs. For more information, see [Security Hub quotas](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub_limits.html) in the _AWS Security Hub User Guide_. + * The finding is expiring soon in Security Hub CSPM so AWS IoT Device Defender sends an update to keep the finding current. Findings are deleted 90 days after the most recent update or 90 days after the creation date if no update occurs. For more information, see [Security Hub CSPM quotas](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub_limits.html) in the _AWS Security Hub CSPM User Guide_. @@ -97 +97 @@ AWS IoT Device Defender Detect creates a Security Hub finding when there's a vio -AWS IoT Device Defender uses the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) to send findings to Security Hub. +AWS IoT Device Defender uses the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) to send findings to Security Hub CSPM. @@ -99 +99 @@ AWS IoT Device Defender uses the [AWS Security Finding Format (ASFF)](https://do -The following example shows a typical finding from Security Hub for an audit finding. The `ReportType` in `ProductFields` is `AuditFinding`. +The following example shows a typical finding from Security Hub CSPM for an audit finding. The `ReportType` in `ProductFields` is `AuditFinding`. @@ -168 +168 @@ The following example shows a typical finding from Security Hub for an audit fin -The following example shows a finding from Security Hub for an audit check summary. The `ReportType` in `ProductFields` is `CheckSummary`. +The following example shows a finding from Security Hub CSPM for an audit check summary. The `ReportType` in `ProductFields` is `CheckSummary`. @@ -229 +229 @@ The following example shows a finding from Security Hub for an audit check summa -The following example shows a typical finding from Security Hub for an AWS IoT Device Defender Detect violation. +The following example shows a typical finding from Security Hub CSPM for an AWS IoT Device Defender Detect violation. @@ -301 +301 @@ The following example shows a typical finding from Security Hub for an AWS IoT D -## Stopping AWS IoT Device Defender from sending findings to Security Hub +## Stopping AWS IoT Device Defender from sending findings to Security Hub CSPM @@ -303 +303 @@ The following example shows a typical finding from Security Hub for an AWS IoT D -To stop sending findings to Security Hub, you can use either the Security Hub console or the API. +To stop sending findings to Security Hub CSPM, you can use either the Security Hub CSPM console or the API. @@ -305 +305 @@ To stop sending findings to Security Hub, you can use either the Security Hub co -For more information, see [Disabling and enabling the flow of findings from an integration (console)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html#securityhub-integration-findings-flow-console) or [Disabling the flow of findings from an integration (Security Hub API, AWS CLI)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html#securityhub-integration-findings-flow-disable-api) in the _AWS Security Hub User Guide_. +For more information, see [Disabling and enabling the flow of findings from an integration (console)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html#securityhub-integration-findings-flow-console) or [Disabling the flow of findings from an integration (Security Hub CSPM API, AWS CLI)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html#securityhub-integration-findings-flow-disable-api) in the _AWS Security Hub CSPM User Guide_.