AWS prescriptive-guidance documentation change
Summary
Updated references from 'Security Hub' to 'Security Hub CSPM' throughout document, including integration examples and section headers
Security assessment
The changes emphasize Security Hub's CSPM capabilities in multiple contexts, improving documentation accuracy about security posture management features. No evidence of addressing a specific security vulnerability.
Diff
diff --git a/prescriptive-guidance/latest/aws-security-controls/detective-controls.md b/prescriptive-guidance/latest/aws-security-controls/detective-controls.md index e97070d6c..a3ff111a2 100644 --- a//prescriptive-guidance/latest/aws-security-controls/detective-controls.md +++ b//prescriptive-guidance/latest/aws-security-controls/detective-controls.md @@ -67 +67 @@ You can automatically analyze logs from different sources such as AWS CloudTrail -A common detective control is implementing one or more monitoring services, which can analyze data sources, such as logs, to identify security threats. In the AWS Cloud, you can analyze sources such as AWS CloudTrail logs, Amazon S3 access logs, and Amazon Virtual Private Cloud flow logs to help detect unusual activity. AWS security services, such as Amazon GuardDuty, Amazon Detective, AWS Security Hub, and Amazon Macie have built-in monitoring functionalities. +A common detective control is implementing one or more monitoring services, which can analyze data sources, such as logs, to identify security threats. In the AWS Cloud, you can analyze sources such as AWS CloudTrail logs, Amazon S3 access logs, and Amazon Virtual Private Cloud flow logs to help detect unusual activity. AWS security services, such as Amazon GuardDuty, Amazon Detective, AWS Security Hub CSPM, and Amazon Macie have built-in monitoring functionalities. @@ -69 +69 @@ A common detective control is implementing one or more monitoring services, whic -### GuardDuty and Security Hub +### GuardDuty and Security Hub CSPM @@ -71 +71 @@ A common detective control is implementing one or more monitoring services, whic -[Amazon GuardDuty](https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html) uses threat intelligence, machine learning, and anomaly-detection techniques to continuously monitor your log sources for malicious or unauthorized activity. The dashboard provides insights into the real-time health of your AWS accounts and workloads. You can integrate GuardDuty with [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html), a cloud security posture management service that checks for adherence to best practices, aggregates alerts, and enables automated remediation. GuardDuty sends findings to Security Hub as a way to centralize information. You can further integrate Security Hub with security information and event management (SIEM) solutions to extend monitoring and alerting capabilities for your organization. +[Amazon GuardDuty](https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html) uses threat intelligence, machine learning, and anomaly-detection techniques to continuously monitor your log sources for malicious or unauthorized activity. The dashboard provides insights into the real-time health of your AWS accounts and workloads. You can integrate GuardDuty with [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html), a cloud security posture management service that checks for adherence to best practices, aggregates alerts, and enables automated remediation. GuardDuty sends findings to Security Hub CSPM as a way to centralize information. You can further integrate Security Hub CSPM with security information and event management (SIEM) solutions to extend monitoring and alerting capabilities for your organization. @@ -81 +81 @@ A common detective control is implementing one or more monitoring services, whic - * Macie integrates natively with other AWS services and tools. For example, Macie issues findings as Amazon EventBridge events, which are automatically sent to Security Hub. + * Macie integrates natively with other AWS services and tools. For example, Macie issues findings as Amazon EventBridge events, which are automatically sent to Security Hub CSPM. @@ -137 +137 @@ The following are best practices for configuring detective controls in Amazon In - * Enable Amazon Inspector on all accounts and integrate it into EventBridge and Security Hub to configure reporting and notifications for security vulnerabilities. + * Enable Amazon Inspector on all accounts and integrate it into EventBridge and Security Hub CSPM to configure reporting and notifications for security vulnerabilities.