AWS prescriptive-guidance documentation change
Summary
Updated references from 'AWS Security Hub' to 'AWS Security Hub CSPM' in workflow documentation
Security assessment
Change specifies CSPM component but does not address vulnerabilities or introduce new security features. It clarifies tool usage without security implications.
Diff
diff --git a/prescriptive-guidance/latest/cyber-threat-intelligence-sharing/architecture-share.md b/prescriptive-guidance/latest/cyber-threat-intelligence-sharing/architecture-share.md index 014ea7b9d..a5c03ab84 100644 --- a//prescriptive-guidance/latest/cyber-threat-intelligence-sharing/architecture-share.md +++ b//prescriptive-guidance/latest/cyber-threat-intelligence-sharing/architecture-share.md @@ -9 +9 @@ The community that you send cyber threat intelligence (CTI) to is usually the sa -Sending CTI to the trust community happens at the same time as implementing preventative and detective controls. You use logs to help identify security events. Then, you centralize events and findings so that you can quickly get an overview of the security posture of your AWS accounts. Then, your security teams, such as your cyber analysts, can identify any information that might be valuable. Because you already have findings in AWS Security Hub, you can convert these findings into the format used by the threat feed, such as JSON or STIX. Then, you send the CTI to the feed provider. Their threat intelligence platforms ingest, anonymize, and validate the CTI that you provide. Then, your CTI is shared with an even wider community. +Sending CTI to the trust community happens at the same time as implementing preventative and detective controls. You use logs to help identify security events. Then, you centralize events and findings so that you can quickly get an overview of the security posture of your AWS accounts. Then, your security teams, such as your cyber analysts, can identify any information that might be valuable. Because you already have findings in AWS Security Hub CSPM, you can convert these findings into the format used by the threat feed, such as JSON or STIX. Then, you send the CTI to the feed provider. Their threat intelligence platforms ingest, anonymize, and validate the CTI that you provide. Then, your CTI is shared with an even wider community. @@ -17 +17 @@ This diagram shows the following workflow: - 1. Findings are created in AWS Security Hub. + 1. Findings are created in AWS Security Hub CSPM. @@ -19 +19 @@ This diagram shows the following workflow: - 2. An AWS Lambda function retrieves the findings from Security Hub and converts them into a sharable format, such as JSON or STIX. + 2. An AWS Lambda function retrieves the findings from Security Hub CSPM and converts them into a sharable format, such as JSON or STIX.