AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/patterns/create-a-report-of-network-access-analyzer-findings-for-inbound-internet-access-in-multiple-aws-accounts.md

Summary

Updated all references from 'Security Hub' to 'Security Hub CSPM' including console links, parameter descriptions, and documentation URLs

Security assessment

The change updates terminology to reflect Security Hub's CSPM capabilities but doesn't address any specific vulnerability. It enhances documentation about security posture management features without evidence of fixing a security flaw.

Diff

diff --git a/prescriptive-guidance/latest/patterns/create-a-report-of-network-access-analyzer-findings-for-inbound-internet-access-in-multiple-aws-accounts.md b/prescriptive-guidance/latest/patterns/create-a-report-of-network-access-analyzer-findings-for-inbound-internet-access-in-multiple-aws-accounts.md
index bac806ee8..b46d74d64 100644
--- a//prescriptive-guidance/latest/patterns/create-a-report-of-network-access-analyzer-findings-for-inbound-internet-access-in-multiple-aws-accounts.md
+++ b//prescriptive-guidance/latest/patterns/create-a-report-of-network-access-analyzer-findings-for-inbound-internet-access-in-multiple-aws-accounts.md
@@ -34 +34 @@ This solution was designed with the following in mind:
-  * A Python script processes the findings, extracts the data, and then consolidates the results. You can choose to review the consolidated report of Network Access Analyzer findings in CSV format or in AWS Security Hub. An example of the CSV report is available in the Additional information section of this pattern.
+  * A Python script processes the findings, extracts the data, and then consolidates the results. You can choose to review the consolidated report of Network Access Analyzer findings in CSV format or in AWS Security Hub CSPM. An example of the CSV report is available in the Additional information section of this pattern.
@@ -53 +53 @@ This solution was designed with the following in mind:
-  * If you’re uploading the findings to Security Hub, Security Hub must be enabled in the account and AWS Region where the Amazon EC2 instance is provisioned. For more information, see [Setting up AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html).
+  * If you’re uploading the findings to Security Hub CSPM, Security Hub CSPM must be enabled in the account and AWS Region where the Amazon EC2 instance is provisioned. For more information, see [Setting up AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html).
@@ -102 +102 @@ If you’re automatically running the solution, the **naa-script.sh** script sta
-_Option 2: Access findings in AWS Security Hub_
+_Option 2: Access findings in AWS Security Hub CSPM_
@@ -120 +120 @@ If you’re automatically running the solution, the **naa-script.sh** script sta
-  6. The Amazon EC2 instance uses a Python script to process the JSON files and extract the data fields for import into Security Hub.
+  6. The Amazon EC2 instance uses a Python script to process the JSON files and extract the data fields for import into Security Hub CSPM.
@@ -122 +122 @@ If you’re automatically running the solution, the **naa-script.sh** script sta
-  7. The Amazon EC2 instance imports the Network Access Analyzer findings to Security Hub.
+  7. The Amazon EC2 instance imports the Network Access Analyzer findings to Security Hub CSPM.
@@ -126 +126 @@ If you’re automatically running the solution, the **naa-script.sh** script sta
-  9. The user views the findings in Security Hub.
+  9. The user views the findings in Security Hub CSPM.
@@ -149 +149 @@ If you want adjust the schedule after the `NAA-Resources` stack has been deploye
-  * [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state in AWS. It also helps you check your AWS environment against security industry standards and best practices.
+  * [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state in AWS. It also helps you check your AWS environment against security industry standards and best practices.
@@ -174 +174 @@ If this stack is deleted and redeployed, you must rebuild the `NAAExecRole` stac
-  * **naa-processfindings.py** – The **naa-script.sh** script automatically calls this Python script to process the Network Access Analyzer JSON outputs, exclude any known-good resources in the **naa-exclusions.csv** file, and then either generate a CSV file of the consolidated results or import the results into Security Hub.
+  * **naa-processfindings.py** – The **naa-script.sh** script automatically calls this Python script to process the Network Access Analyzer JSON outputs, exclude any known-good resources in the **naa-exclusions.csv** file, and then either generate a CSV file of the consolidated results or import the results into Security Hub CSPM.
@@ -227,2 +227,2 @@ The Amazon SNS subscription configuration must be confirmed prior to completion
-     * `FindingsToSecurityHub` – Specify whether findings should be imported into Security Hub. Accepted values are `true` and `false`.
-     * `EmailNotificationsForSecurityHub` – Specify whether importing findings into Security Hub should generate email notifications. Accepted values are `true` and `false`.
+     * `FindingsToSecurityHub` – Specify whether findings should be imported into Security Hub CSPM. Accepted values are `true` and `false`.
+     * `EmailNotificationsForSecurityHub` – Specify whether importing findings into Security Hub CSPM should generate email notifications. Accepted values are `true` and `false`.
@@ -297 +297 @@ Note the following:
-  3. Wait for the analysis to complete. If you configured email notifications, you receive an email when the results have been uploaded to the Amazon S3 bucket or imported into Security Hub.
+  3. Wait for the analysis to complete. If you configured email notifications, you receive an email when the results have been uploaded to the Amazon S3 bucket or imported into Security Hub CSPM.
@@ -306 +306 @@ Option 1 – Retrieve the results from the Amazon S3 bucket.|
-Option 2 – Review the results in Security Hub.| 
+Option 2 – Review the results in Security Hub CSPM.| 
@@ -308 +308 @@ Option 2 – Review the results in Security Hub.|
-  1. Open the [Security Hub console](https://console.aws.amazon.com/securityhub/).
+  1. Open the [Security Hub CSPM console](https://console.aws.amazon.com/securityhub/).
@@ -310 +310 @@ Option 2 – Review the results in Security Hub.|
-  3. Review the Network Access Analyzer findings. For instructions, see [Viewing finding lists and details](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-viewing.html) in the Security Hub documentation.
+  3. Review the Network Access Analyzer findings. For instructions, see [Viewing finding lists and details](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-viewing.html) in the Security Hub CSPM documentation.