AWS wellarchitected documentation change
Summary
Updated references from 'AWS Security Hub' to 'AWS Security Hub CSPM' and added CSPM references to remediation steps and logging processes.
Security assessment
Changes involve rebranding/refinement of service names without introducing new security concepts or addressing vulnerabilities. No evidence of security incident remediation.
Diff
diff --git a/wellarchitected/latest/framework/sec_detect_investigate_events_noncompliant_resources.md b/wellarchitected/latest/framework/sec_detect_investigate_events_noncompliant_resources.md index 18b159617..3dbb4a372 100644 --- a//wellarchitected/latest/framework/sec_detect_investigate_events_noncompliant_resources.md +++ b//wellarchitected/latest/framework/sec_detect_investigate_events_noncompliant_resources.md @@ -32 +32 @@ While automation can enhance security operations, you should implement and manag -As described in [SEC01-BP03 Identify and validate control objectives](./sec_securely_operate_control_objectives.html), services such as [AWS Config](https://aws.amazon.com/config/) and [AWS Security Hub](https://aws.amazon.com/security-hub/) can help you monitor the configuration of resources in your accounts for adherence to your requirements. When non-compliant resources are detected, services such as AWS Security Hub, can help with routing alerts appropriately and remediation. These solutions provide a central place for your security investigators to monitor for issues and take corrective action. +As described in [SEC01-BP03 Identify and validate control objectives](./sec_securely_operate_control_objectives.html), services such as [AWS Config](https://aws.amazon.com/config/) and [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/) can help you monitor the configuration of resources in your accounts for adherence to your requirements. When non-compliant resources are detected, services such as AWS Security Hub CSPM, can help with routing alerts appropriately and remediation. These solutions provide a central place for your security investigators to monitor for issues and take corrective action. @@ -36 +36 @@ While some non-compliant resource situations are unique and require human judgme -Once you define the desired remediation, you can then determine your preferred means for initiating it. AWS Config can [initiate remediations](https://docs.aws.amazon.com/config/latest/developerguide/remediation.html) for you. If you are using Security Hub, you can do this through [custom actions](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-custom-actions.html), which publishes the finding information to [Amazon EventBridge](https://aws.amazon.com/eventbridge/). An EventBridge rule can then initiate your remediation. You can configure remediations through Security Hub to run either automatically or manually. +Once you define the desired remediation, you can then determine your preferred means for initiating it. AWS Config can [initiate remediations](https://docs.aws.amazon.com/config/latest/developerguide/remediation.html) for you. If you are using Security Hub CSPM, you can do this through [custom actions](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-custom-actions.html), which publishes the finding information to [Amazon EventBridge](https://aws.amazon.com/eventbridge/). An EventBridge rule can then initiate your remediation. You can configure remediations through Security Hub CSPM to run either automatically or manually. @@ -38 +38 @@ Once you define the desired remediation, you can then determine your preferred m -For programmatic remediation, we recommend that you have comprehensive logs and audits for the actions taken, as well as their outcomes. Review and analyze these logs to assess the effectiveness of the automated processes, and identify areas of improvement. Capture logs in [Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html) and remediation outcomes as [finding notes](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings.html) in Security Hub. +For programmatic remediation, we recommend that you have comprehensive logs and audits for the actions taken, as well as their outcomes. Review and analyze these logs to assess the effectiveness of the automated processes, and identify areas of improvement. Capture logs in [Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html) and remediation outcomes as [finding notes](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings.html) in Security Hub CSPM. @@ -46 +46 @@ As a starting point, consider [Automated Security Response on AWS](https://aws.a - 1. Consolidate security alerts from various AWS services into Security Hub for centralized visibility, prioritization, and remediation. + 1. Consolidate security alerts from various AWS services into Security Hub CSPM for centralized visibility, prioritization, and remediation. @@ -60 +60 @@ As a starting point, consider [Automated Security Response on AWS](https://aws.a - 1. Send log output to CloudWatch Logs. Capture outcomes as finding notes in Security Hub. + 1. Send log output to CloudWatch Logs. Capture outcomes as finding notes in Security Hub CSPM.