AWS securityhub documentation change
Summary
Updated references from 'Security Hub' to 'Security Hub CSPM' throughout the document, including user guide references, console mentions, and team contacts.
Security assessment
Changes are purely rebranding/naming updates (Security Hub → Security Hub CSPM) without modifying security guidance, vulnerability details, or security controls. No evidence of security vulnerability fixes or new security features.
Diff
diff --git a/securityhub/latest/partnerguide/guidelines-asff-mapping.md b/securityhub/latest/partnerguide/guidelines-asff-mapping.md index da073b87e..aae613636 100644 --- a//securityhub/latest/partnerguide/guidelines-asff-mapping.md +++ b//securityhub/latest/partnerguide/guidelines-asff-mapping.md @@ -9 +9 @@ Identifying informationTitle and DescriptionFinding typesTimestampsSeverityRemed -Use the following guidelines to map your findings to the ASFF. For detailed descriptions of each ASFF field and object, see [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) in the _AWS Security Hub User Guide_. +Use the following guidelines to map your findings to the ASFF. For detailed descriptions of each ASFF field and object, see [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) in the _AWS Security Hub CSPM User Guide_. @@ -15 +15 @@ Use the following guidelines to map your findings to the ASFF. For detailed desc -`ProductArn` is the ARN that AWS Security Hub assigns to you. +`ProductArn` is the ARN that AWS Security Hub CSPM assigns to you. @@ -17 +17 @@ Use the following guidelines to map your findings to the ASFF. For detailed desc -`Id` is the value that Security Hub uses to index findings. The finding identifier must be unique, to ensure that other findings are not overwritten. To update a finding, resubmit the finding with the same identifier. +`Id` is the value that Security Hub CSPM uses to index findings. The finding identifier must be unique, to ensure that other findings are not overwritten. To update a finding, resubmit the finding with the same identifier. @@ -75 +75 @@ The severity value from your system. `Original` can be any string, to accommodat -The required Security Hub indicator of the finding severity. The allowed values are as follows. +The required Security Hub CSPM indicator of the finding severity. The allowed values are as follows. @@ -98 +98 @@ Your integration documentation must include your mapping rationale. -`Remediation` has two elements. These elements are combined on the Security Hub console. +`Remediation` has two elements. These elements are combined on the Security Hub CSPM console. @@ -102 +102 @@ Your integration documentation must include your mapping rationale. -Currently, only findings from Security Hub standards, IAM Access Analyzer, and Firewall Manager display hyperlinks to documentation on how to remediate the finding. +Currently, only findings from Security Hub CSPM standards, IAM Access Analyzer, and Firewall Manager display hyperlinks to documentation on how to remediate the finding. @@ -108 +108 @@ Only use `SourceUrl` if you can provide a deep-linked URL to your console for th -Security Hub does not support hyperlinks from this field, but it is exposed on the Security Hub console. +Security Hub CSPM does not support hyperlinks from this field, but it is exposed on the Security Hub CSPM console. @@ -112 +112 @@ Security Hub does not support hyperlinks from this field, but it is exposed on t -Where applicable, use `Malware`, `Network`, `Process`, or `ThreatIntelIndicators`. Each of these objects is exposed in the Security Hub console. Use these objects in the context of the finding that you are sending. +Where applicable, use `Malware`, `Network`, `Process`, or `ThreatIntelIndicators`. Each of these objects is exposed in the Security Hub CSPM console. Use these objects in the context of the finding that you are sending. @@ -157 +157 @@ Indicates the type of malware. The allowed values are `ADWARE` | `BLENDED_THREAT -If you need an additional value for `Type`, contact the Security Hub team. +If you need an additional value for `Type`, contact the Security Hub CSPM team. @@ -247 +247 @@ Create two `ThreatIntelIndicator` objects. One is for the malware. The other is -For `Resources`, use our provided resource types and detail fields whenever possible. Security Hub is constantly adding new resources to the ASFF. To receive a monthly log of the changes to ASFF, contact `<[[email protected]](mailto:[email protected])>`. +For `Resources`, use our provided resource types and detail fields whenever possible. Security Hub CSPM is constantly adding new resources to the ASFF. To receive a monthly log of the changes to ASFF, contact `<[[email protected]](mailto:[email protected])>`. @@ -265 +265 @@ Only use `Compliance` if your findings are related to compliance. -Security Hub uses `Compliance` for the findings it generates based on controls. +Security Hub CSPM uses `Compliance` for the findings it generates based on controls. @@ -292 +292 @@ For these fields, map to the fields that are in the `FindingProviderFields` obje - * `RelatedFindings` – Only provide related findings if you can keep track of findings related to the same resource or finding type. To identify a related finding, you must refer to the finding identifier of a finding that is already in Security Hub. + * `RelatedFindings` – Only provide related findings if you can keep track of findings related to the same resource or finding type. To identify a related finding, you must refer to the finding identifier of a finding that is already in Security Hub CSPM.