AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/2022-03-31/framework/sec_detect_investigate_events_analyze_all.md

Summary

Updated references from 'AWS Security Hub' to 'AWS Security Hub CSPM' throughout document, including links and service names

Security assessment

The change clarifies the use of CSPM (Cloud Security Posture Management) capabilities within Security Hub, which is a security feature enhancement documentation. There is no evidence of addressing a specific vulnerability or security incident.

Diff

diff --git a/wellarchitected/2022-03-31/framework/sec_detect_investigate_events_analyze_all.md b/wellarchitected/2022-03-31/framework/sec_detect_investigate_events_analyze_all.md
index 9e6575a68..111945ef1 100644
--- a//wellarchitected/2022-03-31/framework/sec_detect_investigate_events_analyze_all.md
+++ b//wellarchitected/2022-03-31/framework/sec_detect_investigate_events_analyze_all.md
@@ -15 +15 @@ This best practice applies not only to security events generated from log messag
-Amazon GuardDuty and AWS Security Hub provide aggregation, deduplication, and analysis mechanisms for log records that are also made available to you via other AWS services. GuardDuty ingests, aggregates, and analyzes information from sources such as AWS CloudTrail management and data events, VPC DNS logs, and VPC Flow Logs. Security Hub can ingest, aggregate, and analyze output from GuardDuty, AWS Config, Amazon Inspector, Amazon Macie, AWS Firewall Manager, and a significant number of third-party security products available in the AWS Marketplace, and if built accordingly, your own code. Both GuardDuty and Security Hub have an Administrator-Member model that can aggregate findings and insights across multiple accounts, and Security Hub is often used by customers who have an on- premises SIEM as an AWS-side log and alert preprocessor and aggregator from which they can then ingest Amazon EventBridge through a AWS Lambda-based processor and forwarder.
+Amazon GuardDuty and AWS Security Hub CSPM provide aggregation, deduplication, and analysis mechanisms for log records that are also made available to you via other AWS services. GuardDuty ingests, aggregates, and analyzes information from sources such as AWS CloudTrail management and data events, VPC DNS logs, and VPC Flow Logs. Security Hub CSPM can ingest, aggregate, and analyze output from GuardDuty, AWS Config, Amazon Inspector, Amazon Macie, AWS Firewall Manager, and a significant number of third-party security products available in the AWS Marketplace, and if built accordingly, your own code. Both GuardDuty and Security Hub CSPM have an Administrator-Member model that can aggregate findings and insights across multiple accounts, and Security Hub CSPM is often used by customers who have an on- premises SIEM as an AWS-side log and alert preprocessor and aggregator from which they can then ingest Amazon EventBridge through a AWS Lambda-based processor and forwarder.
@@ -48 +48 @@ Amazon GuardDuty and AWS Security Hub provide aggregation, deduplication, and an
-  * [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html)
+  * [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html)
@@ -65 +65 @@ Amazon GuardDuty and AWS Security Hub provide aggregation, deduplication, and an
-  * [Remediating Amazon GuardDuty and AWS Security Hub Findings ](https://youtu.be/nyh4imv8zuk)
+  * [Remediating Amazon GuardDuty and AWS Security Hub CSPM Findings ](https://youtu.be/nyh4imv8zuk)
@@ -67 +67 @@ Amazon GuardDuty and AWS Security Hub provide aggregation, deduplication, and an
-  * [ Threat management in the cloud: Amazon GuardDuty and AWS Security Hub](https://youtu.be/vhYsm5gq9jE)
+  * [ Threat management in the cloud: Amazon GuardDuty and AWS Security Hub CSPM](https://youtu.be/vhYsm5gq9jE)