AWS wellarchitected documentation change
Summary
Updated references to 'Security Hub' to specify 'Security Hub CSPM' throughout the document for clarity in non-compliant resource remediation workflows.
Security assessment
The changes only refine terminology to specify the CSPM aspect of Security Hub without introducing new security concepts, addressing vulnerabilities, or altering security recommendations. No evidence of security vulnerability fixes.
Diff
diff --git a/wellarchitected/2024-06-27/framework/sec_detect_investigate_events_noncompliant_resources.md b/wellarchitected/2024-06-27/framework/sec_detect_investigate_events_noncompliant_resources.md index e3c01a511..dabdecbe9 100644 --- a//wellarchitected/2024-06-27/framework/sec_detect_investigate_events_noncompliant_resources.md +++ b//wellarchitected/2024-06-27/framework/sec_detect_investigate_events_noncompliant_resources.md @@ -32 +32 @@ While automation can enhance security operations, you should implement and manag -As described in [SEC01-BP03 Identify and validate control objectives](./sec_securely_operate_control_objectives.html), services such as [AWS Config](https://aws.amazon.com/config/) can help you monitor the configuration of resources in your accounts for adherence to your requirements. When non-compliant resources are detected, we recommend that you configure sending alerts to a cloud security posture management (CSPM) solution, such as [AWS Security Hub](https://aws.amazon.com/security-hub/), to help with remediation. These solutions provide a central place for your security investigators to monitor for issues and take corrective action. +As described in [SEC01-BP03 Identify and validate control objectives](./sec_securely_operate_control_objectives.html), services such as [AWS Config](https://aws.amazon.com/config/) can help you monitor the configuration of resources in your accounts for adherence to your requirements. When non-compliant resources are detected, we recommend that you configure sending alerts to a cloud security posture management (CSPM) solution, such as [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/), to help with remediation. These solutions provide a central place for your security investigators to monitor for issues and take corrective action. @@ -36 +36 @@ While some non-compliant resource situations are unique and require human judgme -Once you define the desired remediation, you can then determine your preferred means for initiating it. AWS Config can [initiate remediations](https://docs.aws.amazon.com/config/latest/developerguide/remediation.html) for you. If you are using Security Hub, you can do this through [custom actions](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-custom-actions.html), which publishes the finding information to [Amazon EventBridge](https://aws.amazon.com/eventbridge/). An EventBridge rule can then initiate your remediation. You can configure the custom action in Security Hub to run either automatically or manually. +Once you define the desired remediation, you can then determine your preferred means for initiating it. AWS Config can [initiate remediations](https://docs.aws.amazon.com/config/latest/developerguide/remediation.html) for you. If you are using Security Hub CSPM, you can do this through [custom actions](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-custom-actions.html), which publishes the finding information to [Amazon EventBridge](https://aws.amazon.com/eventbridge/). An EventBridge rule can then initiate your remediation. You can configure the custom action in Security Hub CSPM to run either automatically or manually. @@ -38 +38 @@ Once you define the desired remediation, you can then determine your preferred m -For programmatic remediation, we recommend that you have comprehensive logs and audits for the actions taken, as well as their outcomes. Review and analyze these logs to assess the effectiveness of the automated processes, and identify areas of improvement. Capture logs in [Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html) and remediation outcomes as [finding notes](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings.html) in Security Hub. +For programmatic remediation, we recommend that you have comprehensive logs and audits for the actions taken, as well as their outcomes. Review and analyze these logs to assess the effectiveness of the automated processes, and identify areas of improvement. Capture logs in [Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html) and remediation outcomes as [finding notes](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings.html) in Security Hub CSPM. @@ -46 +46 @@ As a starting point, consider [Automated Security Response on AWS](https://aws.a - 1. Consolidate security alerts from various AWS services into Security Hub for centralized visibility, prioritization, and remediation. + 1. Consolidate security alerts from various AWS services into Security Hub CSPM for centralized visibility, prioritization, and remediation. @@ -60 +60 @@ As a starting point, consider [Automated Security Response on AWS](https://aws.a - 1. Send log output to CloudWatch Logs. Capture outcomes as finding notes in Security Hub. + 1. Send log output to CloudWatch Logs. Capture outcomes as finding notes in Security Hub CSPM.