AWS Security ChangesHomeSearch

AWS security-ir documentation change

Service: security-ir · 2026-04-10 · Documentation low

File: security-ir/latest/userguide/onboarding-guide.md

Summary

Replaced detailed onboarding prerequisites and third-party EDR setup instructions with a high-level service description and link to overview page

Security assessment

This is a documentation restructuring that removes specific technical setup steps and replaces them with general service description. No evidence of security vulnerability being addressed; appears to be content simplification and reorganization.

Diff

diff --git a/security-ir/latest/userguide/onboarding-guide.md b/security-ir/latest/userguide/onboarding-guide.md
index 11ccf4484..eb8e0a937 100644
--- a//security-ir/latest/userguide/onboarding-guide.md
+++ b//security-ir/latest/userguide/onboarding-guide.md
@@ -7 +7 @@
-The onboarding guide walks you through prerequisites and AWS Security Incident Response onboarding and containment actions. 
+AWS Security Incident Response helps you prepare for, respond to, and recover from security events such as account takeovers, data breaches, and ransomware attacks. The service triages findings from Amazon GuardDuty and AWS Security Hub CSPM, escalates security events, and manages cases that require your attention. You also have access to the AWS Security Incident Response team (SIRT), who investigates impacted resources and provides guidance throughout the incident lifecycle. 
@@ -9,37 +9 @@ The onboarding guide walks you through prerequisites and AWS Security Incident R
-###### Important
-
-Prerequisites 
-
-  1. The only deployment prerequisite is enabling [AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html).
-
-  2. While not required, we recommend enabling [Amazon GuardDuty](https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html) and [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-are-securityhub-services.html) across all accounts and active AWS Regions to maximize Security Incident Response benefits.
-
-  3. Review GuardDuty and Security Incident Response.
-
-  4. Review [GuardDuty best practices guide](https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html).
-
-
-
-
-AWS Security Hub CSPM ingests findings from 3rd party endpoint detection and response (EDR) vendors (CrowdStrike, FortinetCNAPP (Lacework) and Trend Micro, among others). If these findings are ingested into Security Hub CSPM, they are auto-triaged by Security Incident Response for proactive case creation. To setup 3rd party EDR with Security Hub CSPM, see [Detect and Analyze](https://docs.aws.amazon.com//security-ir/latest/userguide/detect-and-analyze.html).
-
-To setup 3rd party EDR with Security Hub CSPM:
-
-  1. Navigate to the Security Hub CSPM Integrations page to validate the 3rd party integration exists
-
-  2. From the console, navigate to the Security Hub CSPM service page.
-
-  3. Choose **Integrations** (using Wiz.IO as an example):
-
-![Security Hub CSPM integrations page showing available third-party integrations.](/images/security-ir/latest/userguide/images/Security_Hub_CSPM.png)
-
-  4. Search for the vendor you would like to integrate
-
-![Search interface for finding and selecting third-party vendor integrations.](/images/security-ir/latest/userguide/images/Integrations.png)
-
-
-
-
-###### Note
-
-When prompted, provide your account or subscription information. After you provide this information, Security Incident Response ingests 3rd party findings. To review pricing for the 3rd party findings ingestion, see the **Integrations** page in Security Hub CSPM. 
+For a full overview of the service, see [What is AWS Security Incident Response?](./what-is.html)
@@ -55 +19 @@ Getting started
-Deploy and configure Security Incident Response
+Prepare for onboarding