AWS macie documentation change
Summary
Updated all references from 'Security Hub' to 'Security Hub CSPM' including section headers, body text, and examples. Modified links and terminology to reflect the new service name.
Security assessment
The changes solely rebrand references to Security Hub by adding 'CSPM' without introducing new security features, addressing vulnerabilities, or altering security guidance. No evidence of security incident remediation or vulnerability fixes exists in the diff.
Diff
diff --git a/macie/latest/user/securityhub-integration.md b/macie/latest/user/securityhub-integration.md index 93c9a7703..8fe34b81b 100644 --- a//macie/latest/user/securityhub-integration.md +++ b//macie/latest/user/securityhub-integration.md @@ -5 +5 @@ -How Macie publishes findings to Security HubExamples of Macie findings in Security HubIntegrating Macie with Security HubStopping publication of Macie findings to Security Hub +How Macie publishes findings to Security Hub CSPMExamples of Macie findings in Security Hub CSPMIntegrating Macie with Security Hub CSPMStopping publication of Macie findings to Security Hub CSPM @@ -7 +7 @@ How Macie publishes findings to Security HubExamples of Macie findings in Securi -# Evaluating Macie findings with AWS Security Hub +# Evaluating Macie findings with AWS Security Hub CSPM @@ -9 +9 @@ How Macie publishes findings to Security HubExamples of Macie findings in Securi -AWS Security Hub is a service that provides you with a comprehensive view of your security posture across your AWS environment and helps you check your environment against security industry standards and best practices. It does this partly by consuming, aggregating, organizing, and prioritizing findings from multiple AWS services and supported AWS Partner Network security solutions. Security Hub helps you analyze your security trends and identify the highest priority security issues. With Security Hub, you can also aggregate findings from multiple AWS Regions, and then evaluate and process all the aggregated findings data from a single Region. To learn more about Security Hub, see the [AWS Security Hub User Guide](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html). +AWS Security Hub CSPM is a service that provides you with a comprehensive view of your security posture across your AWS environment and helps you check your environment against security industry standards and best practices. It does this partly by consuming, aggregating, organizing, and prioritizing findings from multiple AWS services and supported AWS Partner Network security solutions. Security Hub CSPM helps you analyze your security trends and identify the highest priority security issues. With Security Hub CSPM, you can also aggregate findings from multiple AWS Regions, and then evaluate and process all the aggregated findings data from a single Region. To learn more about Security Hub CSPM, see the [AWS Security Hub CSPM User Guide](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html). @@ -11 +11 @@ AWS Security Hub is a service that provides you with a comprehensive view of you -Amazon Macie integrates with Security Hub, which means that you can publish findings from Macie to Security Hub automatically. Security Hub can then include those findings in its analysis of your security posture. In addition, you can use Security Hub to evaluate and process policy and sensitive data findings as part of a larger, aggregated set of findings data for your AWS environment. In other words, you can evaluate Macie findings while performing broader analyses of your organization’s security posture, and remediate findings as necessary. Security Hub reduces the complexity of addressing large volumes of findings from multiple providers. In addition, it uses a standard format for all findings, including findings from Macie. Use of this format, the _AWS Security Finding Format (ASFF)_ , eliminates the need for you to perform time-consuming data conversion efforts. +Amazon Macie integrates with Security Hub CSPM, which means that you can publish findings from Macie to Security Hub CSPM automatically. Security Hub CSPM can then include those findings in its analysis of your security posture. In addition, you can use Security Hub CSPM to evaluate and process policy and sensitive data findings as part of a larger, aggregated set of findings data for your AWS environment. In other words, you can evaluate Macie findings while performing broader analyses of your organization’s security posture, and remediate findings as necessary. Security Hub CSPM reduces the complexity of addressing large volumes of findings from multiple providers. In addition, it uses a standard format for all findings, including findings from Macie. Use of this format, the _AWS Security Finding Format (ASFF)_ , eliminates the need for you to perform time-consuming data conversion efforts. @@ -15 +15 @@ Amazon Macie integrates with Security Hub, which means that you can publish find - * How Macie publishes findings to Security Hub + * How Macie publishes findings to Security Hub CSPM @@ -17 +17 @@ Amazon Macie integrates with Security Hub, which means that you can publish find - * Examples of Macie findings in Security Hub + * Examples of Macie findings in Security Hub CSPM @@ -19 +19 @@ Amazon Macie integrates with Security Hub, which means that you can publish find - * Integrating Macie with Security Hub + * Integrating Macie with Security Hub CSPM @@ -21 +21 @@ Amazon Macie integrates with Security Hub, which means that you can publish find - * Stopping publication of Macie findings to Security Hub + * Stopping publication of Macie findings to Security Hub CSPM @@ -26 +26 @@ Amazon Macie integrates with Security Hub, which means that you can publish find -## How Macie publishes findings to AWS Security Hub +## How Macie publishes findings to AWS Security Hub CSPM @@ -28 +28 @@ Amazon Macie integrates with Security Hub, which means that you can publish find -In AWS Security Hub, security issues are tracked as findings. Some findings come from issues that are detected by AWS services, such as Amazon Macie, or by supported AWS Partner Network security solutions. Security Hub also has a set of rules that it uses to detect security issues and generate findings. +In AWS Security Hub CSPM, security issues are tracked as findings. Some findings come from issues that are detected by AWS services, such as Amazon Macie, or by supported AWS Partner Network security solutions. Security Hub CSPM also has a set of rules that it uses to detect security issues and generate findings. @@ -30 +30 @@ In AWS Security Hub, security issues are tracked as findings. Some findings come -Security Hub provides tools to manage findings from all of these sources. You can review and filter lists of findings and review the details of individual findings. To learn how, see [Reviewing finding history and finding details](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-viewing.html) in the _AWS Security Hub User Guide_. You can also track the status of an investigation into a finding. To learn how, see [Setting the workflow status of findings](https://docs.aws.amazon.com/securityhub/latest/userguide/findings-workflow-status.html) in the _AWS Security Hub User Guide_. +Security Hub CSPM provides tools to manage findings from all of these sources. You can review and filter lists of findings and review the details of individual findings. To learn how, see [Reviewing finding history and finding details](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-viewing.html) in the _AWS Security Hub CSPM User Guide_. You can also track the status of an investigation into a finding. To learn how, see [Setting the workflow status of findings](https://docs.aws.amazon.com/securityhub/latest/userguide/findings-workflow-status.html) in the _AWS Security Hub CSPM User Guide_. @@ -32 +32 @@ Security Hub provides tools to manage findings from all of these sources. You ca -All findings in Security Hub use a standard JSON format called the _AWS Security Finding Format (ASFF)_. The ASFF includes details about the source of an issue, the affected resources, and the current status of a finding. For more information, see [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) in the _AWS Security Hub User Guide_. +All findings in Security Hub CSPM use a standard JSON format called the _AWS Security Finding Format (ASFF)_. The ASFF includes details about the source of an issue, the affected resources, and the current status of a finding. For more information, see [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) in the _AWS Security Hub CSPM User Guide_. @@ -34 +34 @@ All findings in Security Hub use a standard JSON format called the _AWS Security -### Types of findings that Macie publishes to Security Hub +### Types of findings that Macie publishes to Security Hub CSPM @@ -36 +36 @@ All findings in Security Hub use a standard JSON format called the _AWS Security -Depending on the publication settings that you choose for your Macie account, Macie can publish all the findings that it creates to Security Hub, both sensitive data findings and policy findings. For information about these settings and how to change them, see [Configuring publication settings for findings](./findings-publish-frequency.html). By default, Macie publishes only new and updated policy findings to Security Hub. Macie doesn't publish sensitive data findings to Security Hub. +Depending on the publication settings that you choose for your Macie account, Macie can publish all the findings that it creates to Security Hub CSPM, both sensitive data findings and policy findings. For information about these settings and how to change them, see [Configuring publication settings for findings](./findings-publish-frequency.html). By default, Macie publishes only new and updated policy findings to Security Hub CSPM. Macie doesn't publish sensitive data findings to Security Hub CSPM. @@ -40 +40 @@ Depending on the publication settings that you choose for your Macie account, Ma -If you configure Macie to publish [sensitive data findings](./findings-types.html#findings-sensitive-data-types) to Security Hub, Macie automatically publishes each sensitive data finding that it creates for your account, and it does so immediately after it finishes processing the finding. Macie does this for all sensitive data findings that aren't archived automatically by a [suppression rule](./findings-suppression.html). +If you configure Macie to publish [sensitive data findings](./findings-types.html#findings-sensitive-data-types) to Security Hub CSPM, Macie automatically publishes each sensitive data finding that it creates for your account, and it does so immediately after it finishes processing the finding. Macie does this for all sensitive data findings that aren't archived automatically by a [suppression rule](./findings-suppression.html). @@ -44 +44 @@ If you're the Macie administrator for an organization, publication is limited to -When Macie publishes sensitive data findings to Security Hub, it uses the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html), which is the standard format for all findings in Security Hub. In the ASFF, the `Types` field indicates a finding's type. This field uses a taxonomy that's slightly different from the finding type taxonomy in Macie. +When Macie publishes sensitive data findings to Security Hub CSPM, it uses the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html), which is the standard format for all findings in Security Hub CSPM. In the ASFF, the `Types` field indicates a finding's type. This field uses a taxonomy that's slightly different from the finding type taxonomy in Macie. @@ -58 +58 @@ SensitiveData:S3Object/Personal | Sensitive Data Identifications/PII/SensitiveD -If you configure Macie to publish [policy findings](./findings-types.html#findings-policy-types) to Security Hub, Macie automatically publishes each new policy finding that it creates, and it does so immediately after it finishes processing the finding. If Macie detects a subsequent occurrence of an existing policy finding, it automatically publishes an update to the existing finding in Security Hub, using a publication frequency that you specify for your account. Macie performs these tasks for all policy findings that aren't archived automatically by a [suppression rule](./findings-suppression.html). +If you configure Macie to publish [policy findings](./findings-types.html#findings-policy-types) to Security Hub CSPM, Macie automatically publishes each new policy finding that it creates, and it does so immediately after it finishes processing the finding. If Macie detects a subsequent occurrence of an existing policy finding, it automatically publishes an update to the existing finding in Security Hub CSPM, using a publication frequency that you specify for your account. Macie performs these tasks for all policy findings that aren't archived automatically by a [suppression rule](./findings-suppression.html). @@ -60 +60 @@ If you configure Macie to publish [policy findings](./findings-types.html#findin -If you're the Macie administrator for an organization, publication is limited to policy findings for S3 buckets that are owned directly by your account. Macie doesn't publish policy findings that it creates or updates for member accounts in your organization. This helps ensure that you don't have duplicate findings data in Security Hub. +If you're the Macie administrator for an organization, publication is limited to policy findings for S3 buckets that are owned directly by your account. Macie doesn't publish policy findings that it creates or updates for member accounts in your organization. This helps ensure that you don't have duplicate findings data in Security Hub CSPM. @@ -62 +62 @@ If you're the Macie administrator for an organization, publication is limited to -As is the case for sensitive data findings, Macie uses the AWS Security Finding Format (ASFF) when it publishes new and updated policy findings to Security Hub. In the ASFF, the `Types` field uses a taxonomy that's slightly different from the finding type taxonomy in Macie. +As is the case for sensitive data findings, Macie uses the AWS Security Finding Format (ASFF) when it publishes new and updated policy findings to Security Hub CSPM. In the ASFF, the `Types` field uses a taxonomy that's slightly different from the finding type taxonomy in Macie. @@ -64 +64 @@ As is the case for sensitive data findings, Macie uses the AWS Security Finding -The following table lists the ASFF finding type for each type of policy finding that Macie can create. If Macie created or updated a policy finding in Security Hub on or after January 28, 2021, the finding has one of the following values for the ASFF `Types` field in Security Hub. +The following table lists the ASFF finding type for each type of policy finding that Macie can create. If Macie created or updated a policy finding in Security Hub CSPM on or after January 28, 2021, the finding has one of the following values for the ASFF `Types` field in Security Hub CSPM. @@ -75 +75 @@ Policy:IAMUser/S3BucketSharedWithCloudFront | Software and Configuration Checks -If Macie created or last updated a policy finding before January 28, 2021, the finding has one of the following values for the ASFF `Types` field in Security Hub: +If Macie created or last updated a policy finding before January 28, 2021, the finding has one of the following values for the ASFF `Types` field in Security Hub CSPM: @@ -94 +94 @@ The values in the preceding list map directly to values for the **Finding type** -As you review and process policy findings in Security Hub, note the following exceptions: +As you review and process policy findings in Security Hub CSPM, note the following exceptions: @@ -98 +98 @@ As you review and process policy findings in Security Hub, note the following ex - * If you acted upon a policy finding in Security Hub before Macie began using ASFF finding types in your AWS Region, the value for the ASFF `Types` field of the finding will be one of the Macie finding types in the preceding list. It will not be one of the ASFF finding types in the preceding table. This is true for policy findings that you acted upon using the AWS Security Hub console or the `BatchUpdateFindings` operation of the AWS Security Hub API. + * If you acted upon a policy finding in Security Hub CSPM before Macie began using ASFF finding types in your AWS Region, the value for the ASFF `Types` field of the finding will be one of the Macie finding types in the preceding list. It will not be one of the ASFF finding types in the preceding table. This is true for policy findings that you acted upon using the AWS Security Hub CSPM console or the `BatchUpdateFindings` operation of the AWS Security Hub CSPM API. @@ -103 +103 @@ As you review and process policy findings in Security Hub, note the following ex -### Latency for publishing findings to Security Hub +### Latency for publishing findings to Security Hub CSPM @@ -105 +105 @@ As you review and process policy findings in Security Hub, note the following ex -When Amazon Macie creates a new policy or sensitive data finding, it publishes the finding to AWS Security Hub immediately after it finishes processing the finding. +When Amazon Macie creates a new policy or sensitive data finding, it publishes the finding to AWS Security Hub CSPM immediately after it finishes processing the finding. @@ -107 +107 @@ When Amazon Macie creates a new policy or sensitive data finding, it publishes t -If Macie detects a subsequent occurrence of an existing policy finding, it publishes an update to the existing finding in Security Hub. The timing of the update depends on the publication frequency that you choose for your Macie account. By default, Macie publishes updates every 15 minutes. For more information, including how to change the setting for your account, see [Configuring publication settings for findings](./findings-publish-frequency.html). +If Macie detects a subsequent occurrence of an existing policy finding, it publishes an update to the existing finding in Security Hub CSPM. The timing of the update depends on the publication frequency that you choose for your Macie account. By default, Macie publishes updates every 15 minutes. For more information, including how to change the setting for your account, see [Configuring publication settings for findings](./findings-publish-frequency.html). @@ -109 +109 @@ If Macie detects a subsequent occurrence of an existing policy finding, it publi -### Retrying publication when Security Hub isn't available +### Retrying publication when Security Hub CSPM isn't available @@ -111 +111 @@ If Macie detects a subsequent occurrence of an existing policy finding, it publi -If AWS Security Hub isn't available, Amazon Macie creates a queue of findings that haven't been received by Security Hub. When the system is restored, Macie retries publication until the findings are received by Security Hub. +If AWS Security Hub CSPM isn't available, Amazon Macie creates a queue of findings that haven't been received by Security Hub CSPM. When the system is restored, Macie retries publication until the findings are received by Security Hub CSPM. @@ -113 +113 @@ If AWS Security Hub isn't available, Amazon Macie creates a queue of findings th -### Updating existing findings in Security Hub +### Updating existing findings in Security Hub CSPM @@ -115 +115 @@ If AWS Security Hub isn't available, Amazon Macie creates a queue of findings th -After Amazon Macie publishes a policy finding to AWS Security Hub, Macie updates the finding to reflect any additional occurrences of the finding or finding activity. Macie does this only for policy findings. Macie doesn't update sensitive data findings in Security Hub. Unlike policy findings, all sensitive data findings are treated as new (unique). +After Amazon Macie publishes a policy finding to AWS Security Hub CSPM, Macie updates the finding to reflect any additional occurrences of the finding or finding activity. Macie does this only for policy findings. Macie doesn't update sensitive data findings in Security Hub CSPM. Unlike policy findings, all sensitive data findings are treated as new (unique). @@ -119 +119 @@ When Macie publishes an update to a policy finding, Macie updates the value for -Macie might also update the value for the **Types** (`Types`) field of a finding if the existing value for the field isn't an ASFF finding type. This depends on whether you've acted upon the finding in Security Hub. If you haven't acted upon the finding, Macie changes the field's value to the appropriate ASFF finding type. If you've acted upon the finding, using either the AWS Security Hub console or the `BatchUpdateFindings` operation of the AWS Security Hub API, Macie doesn't change the field's value. +Macie might also update the value for the **Types** (`Types`) field of a finding if the existing value for the field isn't an ASFF finding type. This depends on whether you've acted upon the finding in Security Hub CSPM. If you haven't acted upon the finding, Macie changes the field's value to the appropriate ASFF finding type. If you've acted upon the finding, using either the AWS Security Hub CSPM console or the `BatchUpdateFindings` operation of the AWS Security Hub CSPM API, Macie doesn't change the field's value. @@ -121 +121 @@ Macie might also update the value for the **Types** (`Types`) field of a finding -## Examples of Macie findings in AWS Security Hub +## Examples of Macie findings in AWS Security Hub CSPM @@ -123 +123 @@ Macie might also update the value for the **Types** (`Types`) field of a finding -When Amazon Macie publishes findings to AWS Security Hub, it uses the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html). This is the standard format for all findings in Security Hub. The following examples use sample data to demonstrate the structure and nature of the findings data that Macie publishes to Security Hub in this format: +When Amazon Macie publishes findings to AWS Security Hub CSPM, it uses the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html). This is the standard format for all findings in Security Hub CSPM. The following examples use sample data to demonstrate the structure and nature of the findings data that Macie publishes to Security Hub CSPM in this format: @@ -132 +132 @@ When Amazon Macie publishes findings to AWS Security Hub, it uses the [AWS Secur -### Example of a sensitive data finding in Security Hub +### Example of a sensitive data finding in Security Hub CSPM @@ -134 +134 @@ When Amazon Macie publishes findings to AWS Security Hub, it uses the [AWS Secur -Here's an example of a sensitive data finding that Macie published to Security Hub using the ASFF. +Here's an example of a sensitive data finding that Macie published to Security Hub CSPM using the ASFF. @@ -274 +274 @@ Here's an example of a sensitive data finding that Macie published to Security H -### Example of a policy finding in Security Hub +### Example of a policy finding in Security Hub CSPM @@ -276 +276 @@ Here's an example of a sensitive data finding that Macie published to Security H -Here's an example of a new policy finding that Macie published to Security Hub in the ASFF. +Here's an example of a new policy finding that Macie published to Security Hub CSPM in the ASFF. @@ -359 +359 @@ Here's an example of a new policy finding that Macie published to Security Hub i -## Integrating Macie with AWS Security Hub +## Integrating Macie with AWS Security Hub CSPM @@ -361 +361 @@ Here's an example of a new policy finding that Macie published to Security Hub i -To integrate Amazon Macie with AWS Security Hub, enable Security Hub for your AWS account. To learn how, see [Enabling Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html) in the _AWS Security Hub User Guide_. +To integrate Amazon Macie with AWS Security Hub CSPM, enable Security Hub CSPM for your AWS account. To learn how, see [Enabling Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html) in the _AWS Security Hub CSPM User Guide_. @@ -363 +363 @@ To integrate Amazon Macie with AWS Security Hub, enable Security Hub for your AW -When you enable both Macie and Security Hub, the integration is enabled automatically. By default, Macie begins to publish new and updated policy findings to Security Hub automatically. You don't need to take additional steps to configure the integration. If you have existing policy findings when the integration is enabled, Macie doesn't publish them to Security Hub. Instead, Macie publishes only those policy findings that it creates or updates after the integration is enabled. +When you enable both Macie and Security Hub CSPM, the integration is enabled automatically. By default, Macie begins to publish new and updated policy findings to Security Hub CSPM automatically. You don't need to take additional steps to configure the integration. If you have existing policy findings when the integration is enabled, Macie doesn't publish them to Security Hub CSPM. Instead, Macie publishes only those policy findings that it creates or updates after the integration is enabled. @@ -365 +365 @@ When you enable both Macie and Security Hub, the integration is enabled automati -You can optionally customize your configuration by choosing the frequency with which Macie publishes updates to policy findings in Security Hub. You can also choose to publish sensitive data findings to Security Hub. To learn how, see [Configuring publication settings for findings](./findings-publish-frequency.html). +You can optionally customize your configuration by choosing the frequency with which Macie publishes updates to policy findings in Security Hub CSPM. You can also choose to publish sensitive data findings to Security Hub CSPM. To learn how, see [Configuring publication settings for findings](./findings-publish-frequency.html). @@ -367 +367 @@ You can optionally customize your configuration by choosing the frequency with w -## Stopping publication of Macie findings to AWS Security Hub +## Stopping publication of Macie findings to AWS Security Hub CSPM @@ -369 +369 @@ You can optionally customize your configuration by choosing the frequency with w -To stop publishing Amazon Macie findings to AWS Security Hub, you can change the publication settings for your Macie account. To learn how, see [Choosing publication destinations for findings](./findings-publish-frequency.html#findings-publish-destinations-change). You can also do this by using Security Hub. To learn how, see [Disabling the flow of findings from an integration](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-providers.html#securityhub-integration-disable) in the _AWS Security Hub User Guide_. +To stop publishing Amazon Macie findings to AWS Security Hub CSPM, you can change the publication settings for your Macie account. To learn how, see [Choosing publication destinations for findings](./findings-publish-frequency.html#findings-publish-destinations-change). You can also do this by using Security Hub CSPM. To learn how, see [Disabling the flow of findings from an integration](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-providers.html#securityhub-integration-disable) in the _AWS Security Hub CSPM User Guide_.