AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/latest/framework/sec_detect_investigate_events_security_alerts.md

Summary

Replaced 'AWS Security Hub' with 'AWS Security Hub CSPM' in alert sources and updated a blog reference to include CSPM.

Security assessment

Changes solely update service nomenclature to 'CSPM' without modifying security guidance or addressing vulnerabilities. No security implications beyond terminology refinement.

Diff

diff --git a/wellarchitected/latest/framework/sec_detect_investigate_events_security_alerts.md b/wellarchitected/latest/framework/sec_detect_investigate_events_security_alerts.md
index f9dc3c6dd..ba1b87150 100644
--- a//wellarchitected/latest/framework/sec_detect_investigate_events_security_alerts.md
+++ b//wellarchitected/latest/framework/sec_detect_investigate_events_security_alerts.md
@@ -32 +32 @@ Security alerts can come from many different sources within AWS, including:
-  * Services such as [Amazon GuardDuty](https://aws.amazon.com/guardduty/), [AWS Security Hub](https://aws.amazon.com/security-hub/), [Amazon Macie](https://aws.amazon.com/macie/), [Amazon Inspector](https://aws.amazon.com/inspector/), [AWS Config](https://aws.amazon.com/config/), [AWS Identity and Access Management Access Analyzer](https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html), and [Network Access Analyzer](https://docs.aws.amazon.com/vpc/latest/network-access-analyzer/what-is-vaa.html)
+  * Services such as [Amazon GuardDuty](https://aws.amazon.com/guardduty/), [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/), [Amazon Macie](https://aws.amazon.com/macie/), [Amazon Inspector](https://aws.amazon.com/inspector/), [AWS Config](https://aws.amazon.com/config/), [AWS Identity and Access Management Access Analyzer](https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html), and [Network Access Analyzer](https://docs.aws.amazon.com/vpc/latest/network-access-analyzer/what-is-vaa.html)
@@ -55 +55 @@ While the initial criticality of an alert is an aid for prioritization, the cont
-  2. Establish a mechanism for capturing alerts from different sources. Consider services such as Security Hub, EventBridge, and CloudWatch for this purpose. 
+  2. Establish a mechanism for capturing alerts from different sources. Consider services such as Security Hub CSPM, EventBridge, and CloudWatch for this purpose. 
@@ -90 +90 @@ While the initial criticality of an alert is an aid for prioritization, the cont
-  * [How to enrich AWS Security Hub findings with account metadata](https://aws.amazon.com/blogs/security/how-to-enrich-aws-security-hub-findings-with-account-metadata/)
+  * [How to enrich AWS Security Hub CSPM findings with account metadata](https://aws.amazon.com/blogs/security/how-to-enrich-aws-security-hub-findings-with-account-metadata/)