AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/patterns/automate-incident-response-and-forensics.md

Summary

Updated references from 'AWS Security Hub' to 'AWS Security Hub CSPM' in two locations and changed a section title from 'Authenticate SQL Server using AWS Directory Service' to 'Security, identity & compliance'.

Security assessment

The change adds 'CSPM' (Cloud Security Posture Management) branding to Security Hub references, enhancing documentation about security posture management features. No evidence of addressing a specific vulnerability or incident.

Diff

diff --git a/prescriptive-guidance/latest/patterns/automate-incident-response-and-forensics.md b/prescriptive-guidance/latest/patterns/automate-incident-response-and-forensics.md
index 4ff012ab1..9d3a96882 100644
--- a//prescriptive-guidance/latest/patterns/automate-incident-response-and-forensics.md
+++ b//prescriptive-guidance/latest/patterns/automate-incident-response-and-forensics.md
@@ -174 +174 @@ The intent of this pattern is to provide a scalable solution to perform incident
-  * [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state in AWS. It also helps you check your AWS environment against security industry standards and best practices.
+  * [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state in AWS. It also helps you check your AWS environment against security industry standards and best practices.
@@ -208 +208 @@ Task| Description| Skills required
-Deploy the custom Security Hub actions by using a CloudFormation template.| To create a custom action so that you can use the dropdown list from Security Hub, deploy the `Modules/SecurityHub Custom Actions/SecurityHubCustomActions.yaml` CloudFormation template. Then modify the `IRAutomation` role in each of the member accounts to allow the Lambda function that runs the action to assume the `IRAutomation` role. For more information, see the [GitHub repository](https://github.com/awslabs/aws-automated-incident-response-and-forensics#securityhub-actions).| AWS administrator  
+Deploy the custom Security Hub CSPM actions by using a CloudFormation template.| To create a custom action so that you can use the dropdown list from Security Hub CSPM, deploy the `Modules/SecurityHub Custom Actions/SecurityHubCustomActions.yaml` CloudFormation template. Then modify the `IRAutomation` role in each of the member accounts to allow the Lambda function that runs the action to assume the `IRAutomation` role. For more information, see the [GitHub repository](https://github.com/awslabs/aws-automated-incident-response-and-forensics#securityhub-actions).| AWS administrator  
@@ -252 +252 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Authenticate SQL Server using AWS Directory Service
+Security, identity & compliance