AWS prescriptive-guidance documentation change
Summary
Updated references from 'AWS Security Hub' to 'AWS Security Hub CSPM' in threat detection and security monitoring sections, including updated documentation links.
Security assessment
The change rebrands Security Hub to Security Hub CSPM but doesn't address any security vulnerability or incident. It's a naming/documentation update without security implications.
Diff
diff --git a/prescriptive-guidance/latest/designing-control-tower-landing-zone/auditing.md b/prescriptive-guidance/latest/designing-control-tower-landing-zone/auditing.md index c90d59cb6..d0007129a 100644 --- a//prescriptive-guidance/latest/designing-control-tower-landing-zone/auditing.md +++ b//prescriptive-guidance/latest/designing-control-tower-landing-zone/auditing.md @@ -31,2 +31,2 @@ Control compliance notifications | Provides notifications when there is drift in -Threat detection (Amazon GuardDuty) | Monitors VPC Flow Logs, CloudTrail, and DNS logs to detect suspicious or unexpected behavior in the accounts (for example, backdoor access, trojan programs, or unauthorized access).For more information, see the [Amazon GuardDuty documentation](https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html). | We recommend that you set up and configure GuardDuty when you create the landing zone. | You should set up notifications after setting up GuardDuty to ensure that you receive alerts for potential threats to remediate.Note: You can [integrate GuardDuty findings with AWS Security Hub](https://docs.aws.amazon.com/guardduty/latest/ug/securityhub-integration.html). -Security and compliance monitoring (AWS Security Hub) | Brings together security findings from multiple AWS services and third-party sources into a single centralized dashboard to help proactively identify and address security issues, vulnerabilities, and compliance concerns.For more information, see the [AWS Security Hub documentation](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html). | We recommend that you set up and configure Security Hub when you create the landing zone. | You should set up notifications after setting up Security Hub to ensure that you receive alerts for potential vulnerabilities to remediate.Note: You can [automate remediation in Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cloudwatch-events.html). +Threat detection (Amazon GuardDuty) | Monitors VPC Flow Logs, CloudTrail, and DNS logs to detect suspicious or unexpected behavior in the accounts (for example, backdoor access, trojan programs, or unauthorized access).For more information, see the [Amazon GuardDuty documentation](https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html). | We recommend that you set up and configure GuardDuty when you create the landing zone. | You should set up notifications after setting up GuardDuty to ensure that you receive alerts for potential threats to remediate.Note: You can [integrate GuardDuty findings with AWS Security Hub CSPM](https://docs.aws.amazon.com/guardduty/latest/ug/securityhub-integration.html). +Security and compliance monitoring (AWS Security Hub CSPM) | Brings together security findings from multiple AWS services and third-party sources into a single centralized dashboard to help proactively identify and address security issues, vulnerabilities, and compliance concerns.For more information, see the [AWS Security Hub CSPM documentation](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html). | We recommend that you set up and configure Security Hub CSPM when you create the landing zone. | You should set up notifications after setting up Security Hub CSPM to ensure that you receive alerts for potential vulnerabilities to remediate.Note: You can [automate remediation in Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cloudwatch-events.html).