AWS prescriptive-guidance documentation change
Summary
Updated documentation to consistently reference 'Security Hub CSPM' instead of 'Security Hub' throughout the document. Changes include title updates, terminology replacements, and console references.
Security assessment
The changes are purely terminological updates (adding 'CSPM' to Security Hub references) without introducing new security content, addressing vulnerabilities, or modifying security procedures. There's no evidence of security incident remediation or vulnerability fixes in the diff.
Diff
diff --git a/prescriptive-guidance/latest/patterns/bidirectionally-integrate-aws-security-hub-with-jira-software.md b/prescriptive-guidance/latest/patterns/bidirectionally-integrate-aws-security-hub-with-jira-software.md index 9ab085886..00058757d 100644 --- a//prescriptive-guidance/latest/patterns/bidirectionally-integrate-aws-security-hub-with-jira-software.md +++ b//prescriptive-guidance/latest/patterns/bidirectionally-integrate-aws-security-hub-with-jira-software.md @@ -7 +7 @@ SummaryPrerequisites and limitationsArchitectureToolsEpicsRelated resourcesAddit -# Bidirectionally integrate AWS Security Hub with Jira software +# Bidirectionally integrate AWS Security Hub CSPM with Jira software @@ -13 +13 @@ SummaryPrerequisites and limitationsArchitectureToolsEpicsRelated resourcesAddit -This solution supports a bidirectional integration between AWS Security Hub and Jira. Using this solution, you can automatically and manually create and update Jira tickets from Security Hub findings. Security teams can use this integration to notify developer teams of severe security findings that require action. +This solution supports a bidirectional integration between AWS Security Hub CSPM and Jira. Using this solution, you can automatically and manually create and update Jira tickets from Security Hub CSPM findings. Security teams can use this integration to notify developer teams of severe security findings that require action. @@ -17 +17 @@ The solution allows you to: - * Select which Security Hub controls automatically create or update tickets in Jira. + * Select which Security Hub CSPM controls automatically create or update tickets in Jira. @@ -19 +19 @@ The solution allows you to: - * In the Security Hub console, use Security Hub custom actions to manually escalate tickets in Jira. + * In the Security Hub CSPM console, use Security Hub CSPM custom actions to manually escalate tickets in Jira. @@ -23 +23 @@ The solution allows you to: - * Automatically suppress Security Hub findings that are marked as false positive or accepted risk in Jira. + * Automatically suppress Security Hub CSPM findings that are marked as false positive or accepted risk in Jira. @@ -25 +25 @@ The solution allows you to: - * Automatically close a Jira ticket when its related finding is archived in Security Hub. + * Automatically close a Jira ticket when its related finding is archived in Security Hub CSPM. @@ -27 +27 @@ The solution allows you to: - * Reopen Jira tickets when Security Hub findings reoccur. + * Reopen Jira tickets when Security Hub CSPM findings reoccur. @@ -34 +34 @@ The solution allows you to: -The solution uses a custom Jira workflow that allows developers to manage and document risks. As the issue moves through the workflow, bidirectional integration ensures that the status of the Jira ticket and Security Hub finding is synchronized across the workflows in both services. This workflow is a derivative of _SecDevOps Risk Workflow_ by Dinis Cruz, licensed licensed under [Apache License version 2.0](https://www.apache.org/licenses/LICENSE-2.0). We recommend adding a Jira workflow condition so that only members of your security team can change the ticket status. +The solution uses a custom Jira workflow that allows developers to manage and document risks. As the issue moves through the workflow, bidirectional integration ensures that the status of the Jira ticket and Security Hub CSPM finding is synchronized across the workflows in both services. This workflow is a derivative of _SecDevOps Risk Workflow_ by Dinis Cruz, licensed licensed under [Apache License version 2.0](https://www.apache.org/licenses/LICENSE-2.0). We recommend adding a Jira workflow condition so that only members of your security team can change the ticket status. @@ -48 +48 @@ For an example of a Jira ticket automatically generated by this solution, see th - * Security Hub is enabled on your AWS accounts. + * Security Hub CSPM is enabled on your AWS accounts. @@ -50 +50 @@ For an example of a Jira ticket automatically generated by this solution, see th - * In AWS Organizations, you have designated a Security Hub administrator account. + * In AWS Organizations, you have designated a Security Hub CSPM administrator account. @@ -60 +60 @@ For an example of a Jira ticket automatically generated by this solution, see th - * Security Hub is enabled on your AWS account. + * Security Hub CSPM is enabled on your AWS account. @@ -85 +85 @@ _Scenario 1: Developer addresses the issue_ - 1. Security Hub generates a finding against a specified security control, such as those in the [AWS Foundational Security Best Practices standard](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp.html). + 1. Security Hub CSPM generates a finding against a specified security control, such as those in the [AWS Foundational Security Best Practices standard](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp.html). @@ -97 +97 @@ _Scenario 1: Developer addresses the issue_ - 7. Security Hub updates the finding as `ARCHIVED`, and a new event is generated. This event causes the Lambda function to automatically close the Jira ticket. + 7. Security Hub CSPM updates the finding as `ARCHIVED`, and a new event is generated. This event causes the Lambda function to automatically close the Jira ticket. @@ -106 +106 @@ _Scenario 2: Developer decides to accept the risk_ - 1. Security Hub generates a finding against a specified security control, such as those in the [AWS Foundational Security Best Practices standard](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp.html). + 1. Security Hub CSPM generates a finding against a specified security control, such as those in the [AWS Foundational Security Best Practices standard](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp.html). @@ -120 +120 @@ _Scenario 2: Developer decides to accept the risk_ - 8. A CloudWatch daily event initiates the refresh Lambda function, which identifies closed Jira tickets and updates their related Security Hub findings as `SUPPRESSED`. + 8. A CloudWatch daily event initiates the refresh Lambda function, which identifies closed Jira tickets and updates their related Security Hub CSPM findings as `SUPPRESSED`. @@ -141 +141 @@ _Scenario 2: Developer decides to accept the risk_ - * [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state in AWS. It also helps you check your AWS environment against security industry standards and best practices. + * [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state in AWS. It also helps you check your AWS environment against security industry standards and best practices. @@ -182,2 +182,2 @@ Identify the findings you want to automate.| - 1. Open the [Security Hub console](https://console.aws.amazon.com/securityhub/). - 2. In the Security Hub navigation pane, choose **Findings**. + 1. Open the [Security Hub CSPM console](https://console.aws.amazon.com/securityhub/). + 2. In the Security Hub CSPM navigation pane, choose **Findings**. @@ -241 +241 @@ If you are using Jira Cloud, for **Key/value pairs** , do the following: -Create the Security Hub custom action.| +Create the Security Hub CSPM custom action.| @@ -243 +243 @@ Create the Security Hub custom action.| - 1. For each AWS Region, in the AWS Command Line Interface (AWS CLI), use the [create-action-target](https://docs.aws.amazon.com/cli/latest/reference/securityhub/create-action-target.html) command to create a Security Hub custom action named `CreateJiraIssue`. + 1. For each AWS Region, in the AWS Command Line Interface (AWS CLI), use the [create-action-target](https://docs.aws.amazon.com/cli/latest/reference/securityhub/create-action-target.html) command to create a Security Hub CSPM custom action named `CreateJiraIssue`. @@ -250,2 +250,2 @@ Create the Security Hub custom action.| - 2. Open the [Security Hub console](https://console.aws.amazon.com/securityhub/). - 3. In the Security Hub navigation pane, choose **Findings**. + 2. Open the [Security Hub CSPM console](https://console.aws.amazon.com/securityhub/). + 3. In the Security Hub CSPM navigation pane, choose **Findings**. @@ -270 +270 @@ Create the Security Hub custom action.| -When a specified Security Hub finding occurs, this solution automatically creates a Jira ticket. The ticket includes the following information: +When a specified Security Hub CSPM finding occurs, this solution automatically creates a Jira ticket. The ticket includes the following information: @@ -276 +276 @@ When a specified Security Hub finding occurs, this solution automatically create - * **Description** – The description section of the ticket describes the security control associated with the finding, includes a link to the finding in the Security Hub console, and provides a short description of how to handle the security issue in the Jira workflow. + * **Description** – The description section of the ticket describes the security control associated with the finding, includes a link to the finding in the Security Hub CSPM console, and provides a short description of how to handle the security issue in the Jira workflow. @@ -285 +285 @@ Title| AWS Security Issue :: 012345678912 :: Lambda.1 Lambda function policies s -**Description**| **What is the problem?** We detected a security finding within the AWS account 012345678912 you are responsible for.This control checks whether the AWS Lambda function policy attached to the Lambda resource prohibits public access. If the Lambda function policy allows public access, the control fails.<Link to Security Hub finding>**What do I need to do with the ticket?** +**Description**| **What is the problem?** We detected a security finding within the AWS account 012345678912 you are responsible for.This control checks whether the AWS Lambda function policy attached to the Lambda resource prohibits public access. If the Lambda function policy allows public access, the control fails.<Link to Security Hub CSPM finding>**What do I need to do with the ticket?**