AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/latest/management-and-governance-guide/integrated-security-management-partners.md

Summary

Updated partner integration references from generic 'Security Hub' to 'Security Hub CSPM' for Cloud Custodian, Prowler, Qualys, and Rapid7

Security assessment

Changes clarify integration points with AWS Security Hub's Cloud Security Posture Management (CSPM) feature but don't address vulnerabilities or incidents. The updates enhance accuracy of security documentation by specifying CSPM context, helping users understand partner tool integrations for security posture management.

Diff

diff --git a/wellarchitected/latest/management-and-governance-guide/integrated-security-management-partners.md b/wellarchitected/latest/management-and-governance-guide/integrated-security-management-partners.md
index 5ad4112e3..c6f4fd3ae 100644
--- a//wellarchitected/latest/management-and-governance-guide/integrated-security-management-partners.md
+++ b//wellarchitected/latest/management-and-governance-guide/integrated-security-management-partners.md
@@ -28 +28 @@ To help improve the security posture across a multi-account environment, you nee
-[Cloud Custodian](https://aws.amazon.com/security-hub/partners/) is a tool that unifies the dozens of tools and scripts most enterprises use for managing their public cloud accounts into one open source tool. It uses a stateless rules engine for policy definition and enforcement, with metrics, structured outputs and detailed reporting for clouds infrastructure. Cloud Custodian's integration with Security Hub allows it to both send findings to Security and receive findings for response and remediation actions. 
+[Cloud Custodian](https://aws.amazon.com/security-hub/partners/) is a tool that unifies the dozens of tools and scripts most enterprises use for managing their public cloud accounts into one open source tool. It uses a stateless rules engine for policy definition and enforcement, with metrics, structured outputs and detailed reporting for clouds infrastructure. Cloud Custodian's integration with Security Hub CSPM allows it to both send findings to Security and receive findings for response and remediation actions. 
@@ -38 +38 @@ To help improve the security posture across a multi-account environment, you nee
-[Prowler](https://aws.amazon.com/security-hub/partners/) is a security assessment tool that gives customers direct insights into the security best practices of their AWS infrastructure. Customers can run Prowler to continuously monitor their security status. The main differentiators between Prowler and other existing services or solutions are the number of checks that are included out-of-the-box; no configuration needed to get insights; and no direct cost associated to its use. Prowler's checks follow guidelines from the CIS Amazon Web Services Foundations Benchmark and performs additional checks related to GDPR, PCI, and HIPAA. Prowler supports natively sending findings to AWS Security Hub. 
+[Prowler](https://aws.amazon.com/security-hub/partners/) is a security assessment tool that gives customers direct insights into the security best practices of their AWS infrastructure. Customers can run Prowler to continuously monitor their security status. The main differentiators between Prowler and other existing services or solutions are the number of checks that are included out-of-the-box; no configuration needed to get insights; and no direct cost associated to its use. Prowler's checks follow guidelines from the CIS Amazon Web Services Foundations Benchmark and performs additional checks related to GDPR, PCI, and HIPAA. Prowler supports natively sending findings to AWS Security Hub CSPM. 
@@ -40 +40 @@ To help improve the security posture across a multi-account environment, you nee
-[Qualys](https://aws.amazon.com/security-hub/partners/) The Qualys integration with AWS Security Hub provides customers the ability to consume security and compliance findings about their AWS Instances and accounts within the AWS Security Hub console. Customers have access to critical vulnerabilities, missing patches, open ports, as well as the compliance to CIS, PCI, NIST, HIPAA, and security policies of their Instances and AMIs. Customers can also assess misconfigurations of VPCs, Security Groups, Amazon S3, and IAM against the CIS Benchmark. The Qualys integration with AWS Security Hub allows customers to prioritize their risks and automate remediation using services, such as AWS Lambda. 
+[Qualys](https://aws.amazon.com/security-hub/partners/) The Qualys integration with AWS Security Hub CSPM provides customers the ability to consume security and compliance findings about their AWS Instances and accounts within the AWS Security Hub CSPM console. Customers have access to critical vulnerabilities, missing patches, open ports, as well as the compliance to CIS, PCI, NIST, HIPAA, and security policies of their Instances and AMIs. Customers can also assess misconfigurations of VPCs, Security Groups, Amazon S3, and IAM against the CIS Benchmark. The Qualys integration with AWS Security Hub CSPM allows customers to prioritize their risks and automate remediation using services, such as AWS Lambda. 
@@ -42 +42 @@ To help improve the security posture across a multi-account environment, you nee
-[Rapid7](https://aws.amazon.com/security-hub/partners/) InsightVM, a vulnerability assessment solution, uses the power of the Insight platform to provide visibility across your modern ecosystem, prioritize risk using attacker analytics, and remediate or contain threats with SecOps agility. With InsightVM, vulnerabilities are discovered in real time and prioritized actionably. By integrating InsightVM with AWS Security Hub, vulnerabilities detected in a business's Amazon EC2 instances are automatically sent to AWS Security Hub for a holistic view of its cloud security posture. With additional vulnerability context from InsightVM, businesses can prioritize its team’s security tasks more efficiently and reduce measurable risk in its AWS Cloud. 
+[Rapid7](https://aws.amazon.com/security-hub/partners/) InsightVM, a vulnerability assessment solution, uses the power of the Insight platform to provide visibility across your modern ecosystem, prioritize risk using attacker analytics, and remediate or contain threats with SecOps agility. With InsightVM, vulnerabilities are discovered in real time and prioritized actionably. By integrating InsightVM with AWS Security Hub CSPM, vulnerabilities detected in a business's Amazon EC2 instances are automatically sent to AWS Security Hub CSPM for a holistic view of its cloud security posture. With additional vulnerability context from InsightVM, businesses can prioritize its team’s security tasks more efficiently and reduce measurable risk in its AWS Cloud.