AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/cyber-threat-intelligence-sharing/architecture-gain-visibility.md

Summary

Updated references from 'Security Hub' to 'Security Hub CSPM' throughout the document, including links and integration examples. Added CSPM branding to Security Hub-related content.

Security assessment

The changes primarily involve rebranding/updating terminology to include 'CSPM' (Cloud Security Posture Management) in Security Hub references. While CSPM is a security-related capability, the modifications are documentation nomenclature updates rather than addressing a specific security vulnerability or introducing new security features. No evidence of patching vulnerabilities or responding to security incidents is present in the diff.

Diff

diff --git a/prescriptive-guidance/latest/cyber-threat-intelligence-sharing/architecture-gain-visibility.md b/prescriptive-guidance/latest/cyber-threat-intelligence-sharing/architecture-gain-visibility.md
index d3bb6a497..79920b202 100644
--- a//prescriptive-guidance/latest/cyber-threat-intelligence-sharing/architecture-gain-visibility.md
+++ b//prescriptive-guidance/latest/cyber-threat-intelligence-sharing/architecture-gain-visibility.md
@@ -11 +11 @@ The ability to view the security events that have occurred is just as important
-This guide recommends that you use [Amazon Simple Storage Service (Amazon S3)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html) to centralize log data. Amazon S3 supports log storage for both AWS Network Firewall and Amazon Route 53 Resolver DNS Firewall. Then, you use [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) and [Amazon Security Lake](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html) to centralize the Amazon GuardDuty findings and other security findings into a single location.
+This guide recommends that you use [Amazon Simple Storage Service (Amazon S3)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html) to centralize log data. Amazon S3 supports log storage for both AWS Network Firewall and Amazon Route 53 Resolver DNS Firewall. Then, you use [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) and [Amazon Security Lake](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html) to centralize the Amazon GuardDuty findings and other security findings into a single location.
@@ -23 +23 @@ Both Network Firewall and DNS Firewall support logging to Amazon S3. For more in
-[AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state in AWS and helps you assess your AWS environment against security industry standards and best practices. Security Hub can generate findings that are associated with your security controls. It can also receive findings from other AWS services, such as Amazon GuardDuty. You can use Security Hub to centralize findings and data from across your AWS accounts, AWS services, and supported third-party products. For more information about integrations, see [Understanding integrations in Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-providers.html) in the Security Hub documentation.
+[AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state in AWS and helps you assess your AWS environment against security industry standards and best practices. Security Hub CSPM can generate findings that are associated with your security controls. It can also receive findings from other AWS services, such as Amazon GuardDuty. You can use Security Hub CSPM to centralize findings and data from across your AWS accounts, AWS services, and supported third-party products. For more information about integrations, see [Understanding integrations in Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-providers.html) in the Security Hub CSPM documentation.
@@ -25 +25 @@ Both Network Firewall and DNS Firewall support logging to Amazon S3. For more in
-Security Hub also includes automation features that help you triage and remediate security issues. For example, you can use automation rules to automatically update critical findings when a security check fails. You can also use the integration with Amazon EventBridge to initiate automatic responses to specific findings. For more information, see [Automatically modifying and acting on Security Hub findings](https://docs.aws.amazon.com/securityhub/latest/userguide/automations.html) in the Security Hub documentation.
+Security Hub CSPM also includes automation features that help you triage and remediate security issues. For example, you can use automation rules to automatically update critical findings when a security check fails. You can also use the integration with Amazon EventBridge to initiate automatic responses to specific findings. For more information, see [Automatically modifying and acting on Security Hub CSPM findings](https://docs.aws.amazon.com/securityhub/latest/userguide/automations.html) in the Security Hub CSPM documentation.
@@ -27 +27 @@ Security Hub also includes automation features that help you triage and remediat
-If you use Amazon GuardDuty, we recommend that you configure GuardDuty to send its findings to Security Hub. Security Hub can then include those findings in its analysis of your security posture. For more information, see [Integrating with AWS Security Hub](https://docs.aws.amazon.com/guardduty/latest/ug/securityhub-integration.html) in the GuardDuty documentation.
+If you use Amazon GuardDuty, we recommend that you configure GuardDuty to send its findings to Security Hub CSPM. Security Hub CSPM can then include those findings in its analysis of your security posture. For more information, see [Integrating with AWS Security Hub CSPM](https://docs.aws.amazon.com/guardduty/latest/ug/securityhub-integration.html) in the GuardDuty documentation.
@@ -29 +29 @@ If you use Amazon GuardDuty, we recommend that you configure GuardDuty to send i
-For both Network Firewall and Route 53 Resolver DNS Firewall, you can create custom findings from the network traffic that you're logging. [Amazon Athena](https://docs.aws.amazon.com/athena/latest/ug/what-is.html) is an interactive query service that helps you analyze data directly in Amazon S3 by using standard SQL. You can construct queries in Athena that scan the logs in Amazon S3 and extract the relevant data. For instructions, see [Getting Started](https://docs.aws.amazon.com/athena/latest/ug/getting-started.html) in the Athena documentation. Then, you can use an AWS Lambda function to convert the relevant log data into [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) and send the finding to Security Hub. The following is a sample Lambda function that converts log data from Network Firewall into a Security Hub finding:
+For both Network Firewall and Route 53 Resolver DNS Firewall, you can create custom findings from the network traffic that you're logging. [Amazon Athena](https://docs.aws.amazon.com/athena/latest/ug/what-is.html) is an interactive query service that helps you analyze data directly in Amazon S3 by using standard SQL. You can construct queries in Athena that scan the logs in Amazon S3 and extract the relevant data. For instructions, see [Getting Started](https://docs.aws.amazon.com/athena/latest/ug/getting-started.html) in the Athena documentation. Then, you can use an AWS Lambda function to convert the relevant log data into [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) and send the finding to Security Hub CSPM. The following is a sample Lambda function that converts log data from Network Firewall into a Security Hub CSPM finding:
@@ -77 +77 @@ For both Network Firewall and Route 53 Resolver DNS Firewall, you can create cus
-The pattern that you follow for extracting and sending information to Security Hub is dependent on your individual business needs. If you need the data to be sent on a regular schedule, you can use EventBridge to initiate the process. If you want to receive an alert when the information is added, you can use [Amazon Simple Notification Service (Amazon SNS)](https://docs.aws.amazon.com/sns/latest/dg/welcome.html). There are many ways to approach this architecture, so it's important to properly plan so that your business needs are achieved.
+The pattern that you follow for extracting and sending information to Security Hub CSPM is dependent on your individual business needs. If you need the data to be sent on a regular schedule, you can use EventBridge to initiate the process. If you want to receive an alert when the information is added, you can use [Amazon Simple Notification Service (Amazon SNS)](https://docs.aws.amazon.com/sns/latest/dg/welcome.html). There are many ways to approach this architecture, so it's important to properly plan so that your business needs are achieved.
@@ -83 +83 @@ The pattern that you follow for extracting and sending information to Security H
-You can configure Security Lake to receive findings from Security Hub. To activate this integration, you must enable both services and add Security Hub as a source in Security Lake. Once you complete these steps, Security Hub begins to send all findings to Security Lake. Security Lake automatically normalizes Security Hub findings and converts them to OCSF. In Security Lake, you can add one or more subscribers to consume Security Hub findings. For more information, see [Integration with AWS Security Hub](https://docs.aws.amazon.com/security-lake/latest/userguide/aws-integrations.html#securityhub-integration) in the Security Lake documentation.
+You can configure Security Lake to receive findings from Security Hub CSPM. To activate this integration, you must enable both services and add Security Hub CSPM as a source in Security Lake. Once you complete these steps, Security Hub CSPM begins to send all findings to Security Lake. Security Lake automatically normalizes Security Hub CSPM findings and converts them to OCSF. In Security Lake, you can add one or more subscribers to consume Security Hub CSPM findings. For more information, see [Integration with AWS Security Hub CSPM](https://docs.aws.amazon.com/security-lake/latest/userguide/aws-integrations.html#securityhub-integration) in the Security Lake documentation.
@@ -85 +85 @@ You can configure Security Lake to receive findings from Security Hub. To activa
-The following video, [AWS re:Inforce 2024 - Cyber threat intelligence sharing on AWS](https://www.youtube.com/watch?v=ufNNHBPPjQU), discusses how you can use Security Hub and Security Lake integrations to share CTI.
+The following video, [AWS re:Inforce 2024 - Cyber threat intelligence sharing on AWS](https://www.youtube.com/watch?v=ufNNHBPPjQU), discusses how you can use Security Hub CSPM and Security Lake integrations to share CTI.