AWS prescriptive-guidance documentation change
Summary
Updated all 'Security Hub' references to 'Security Hub CSPM', including automation examples and image captions
Security assessment
Consistently specifies CSPM features in security automation contexts. The change improves accuracy of security documentation but doesn't address vulnerabilities or weaknesses.
Diff
diff --git a/prescriptive-guidance/latest/strategy-accelerating-security-maturity/optimize.md b/prescriptive-guidance/latest/strategy-accelerating-security-maturity/optimize.md index 39fe62e8d..8766f3694 100644 --- a//prescriptive-guidance/latest/strategy-accelerating-security-maturity/optimize.md +++ b//prescriptive-guidance/latest/strategy-accelerating-security-maturity/optimize.md @@ -7 +7 @@ -In the optimize phase, you automate your security operations. Like the crawl and walk stages, you can use AWS Security Hub during the run stage to achieve automation and iteration. The following image shows how Security Hub can trigger a custom [Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html) rule that defines automatic actions to take against specific findings and insights. For more information, see [Automations](https://docs.aws.amazon.com/securityhub/latest/userguide/automations.html) in the Security Hub documentation. +In the optimize phase, you automate your security operations. Like the crawl and walk stages, you can use AWS Security Hub CSPM during the run stage to achieve automation and iteration. The following image shows how Security Hub CSPM can trigger a custom [Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html) rule that defines automatic actions to take against specific findings and insights. For more information, see [Automations](https://docs.aws.amazon.com/securityhub/latest/userguide/automations.html) in the Security Hub CSPM documentation. @@ -9 +9 @@ In the optimize phase, you automate your security operations. Like the crawl and - + @@ -11 +11 @@ In the optimize phase, you automate your security operations. Like the crawl and -By using Security Hub as a central automation hub, you can also forward activities to [Splunk](https://www.splunk.com). Splunk can then detect the ones that are anomalous and trigger corresponding actions in EventBridge. This helps you automate repetitive tasks and provides more time for skilled team members to focus on higher-value activities. You can also use [AWS Step Functions](https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html) to collect logs, take forensic snapshots, quarantine compromised servers, and replace them with a golden image. Additionally, you can use an [AWS Lambda](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html) function that uses [AWS Systems Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html) to remediate vulnerabilities across the environment and uses an [Amazon Simple Queue Service (Amazon SQS)](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/welcome.html) function to validate the security of the systems. By taking this approach, it's possible to quickly contain and remediate security incidents with minimal impact to normal business operations. +By using Security Hub CSPM as a central automation hub, you can also forward activities to [Splunk](https://www.splunk.com). Splunk can then detect the ones that are anomalous and trigger corresponding actions in EventBridge. This helps you automate repetitive tasks and provides more time for skilled team members to focus on higher-value activities. You can also use [AWS Step Functions](https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html) to collect logs, take forensic snapshots, quarantine compromised servers, and replace them with a golden image. Additionally, you can use an [AWS Lambda](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html) function that uses [AWS Systems Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html) to remediate vulnerabilities across the environment and uses an [Amazon Simple Queue Service (Amazon SQS)](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/welcome.html) function to validate the security of the systems. By taking this approach, it's possible to quickly contain and remediate security incidents with minimal impact to normal business operations.