AWS AmazonCloudWatch documentation change
Summary
Added documentation for Cisco Umbrella data sources and a comprehensive list of third-party security partners that send findings via AWS Security Hub CSPM integration
Security assessment
This change documents security-related data sources and integrations with third-party security tools through AWS Security Hub CSPM. While it adds security documentation about available security findings from partners, there is no evidence of addressing a specific security vulnerability or incident. The change expands the list of supported security data sources for monitoring purposes.
Diff
diff --git a/AmazonCloudWatch/latest/logs/supported-third-party-sources-data-sources.md b/AmazonCloudWatch/latest/logs/supported-third-party-sources-data-sources.md index fd0490b88..a9171f88b 100644 --- a//AmazonCloudWatch/latest/logs/supported-third-party-sources-data-sources.md +++ b//AmazonCloudWatch/latest/logs/supported-third-party-sources-data-sources.md @@ -6,0 +7,2 @@ +Additional third-party sources via AWS Security Hub CSPM + @@ -12,0 +15,4 @@ Data Source Name (@data_source_name field) | Data Source Type (@data_source_type +`cisco_umbrella` | `data_security_finding` +`cisco_umbrella` | `dns_activity` +`cisco_umbrella` | `entity_management` +`cisco_umbrella` | `network_activity` @@ -67,0 +74,65 @@ Data Source Name (@data_source_name field) | Data Source Type (@data_source_type +## Additional third-party sources via AWS Security Hub CSPM + +Additional third-party security findings are available through AWS Security Hub CSPM integration. The following partners send findings to Security Hub CSPM, which are then available as data sources in CloudWatch Logs. For comprehensive details about these integrations, see [Third-party product integrations with Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-partner-providers.html) in the _AWS Security Hub User Guide_. + +Partner | Integration +---|--- +3CORESec – NTA| Sends findings via Security Hub CSPM +Alert Logic – SIEMless Threat Management| Sends findings via Security Hub CSPM +Aqua Security – Cloud Native Security Platform| Sends findings via Security Hub CSPM +Aqua Security – Kube-bench| Sends findings via Security Hub CSPM +Armor – Armor Anywhere| Sends findings via Security Hub CSPM +AttackIQ| Sends findings via Security Hub CSPM +Barracuda Networks – Cloud Security Guardian| Sends findings via Security Hub CSPM +BigID – BigID Enterprise| Sends findings via Security Hub CSPM +Blue Hexagon| Sends findings via Security Hub CSPM +Check Point – CloudGuard IaaS| Sends findings via Security Hub CSPM +Check Point – CloudGuard Posture Management| Sends findings via Security Hub CSPM +Claroty – xDome| Sends findings via Security Hub CSPM +Cloud Storage Security – Antivirus for Amazon S3| Sends findings via Security Hub CSPM +Contrast Security – Contrast Assess| Sends findings via Security Hub CSPM +CrowdStrike – CrowdStrike Falcon| Sends findings via Security Hub CSPM +CyberArk – Privileged Threat Analytics| Sends findings via Security Hub CSPM +Data Theorem| Sends findings via Security Hub CSPM +Drata| Sends findings via Security Hub CSPM +Forcepoint – CASB| Sends findings via Security Hub CSPM +Forcepoint – Cloud Security Gateway| Sends findings via Security Hub CSPM +Forcepoint – DLP| Sends findings via Security Hub CSPM +Forcepoint – NGFW| Sends findings via Security Hub CSPM +Fugue| Sends findings via Security Hub CSPM +Guardicore – Centra| Sends findings via Security Hub CSPM +HackerOne – Vulnerability Intelligence| Sends findings via Security Hub CSPM +JFrog – Xray| Sends findings via Security Hub CSPM +Juniper Networks – vSRX Next Generation Firewall| Sends findings via Security Hub CSPM +k9 Security – Access Analyzer| Sends findings via Security Hub CSPM +Lacework| Sends findings via Security Hub CSPM +McAfee – MVISION CNAPP| Sends findings via Security Hub CSPM +NETSCOUT – Cyber Investigator| Sends findings via Security Hub CSPM +Orca – Cloud Security Platform| Sends findings via Security Hub CSPM +Palo Alto Networks – Prisma Cloud Compute| Sends findings via Security Hub CSPM +Palo Alto Networks – Prisma Cloud Enterprise| Sends findings via Security Hub CSPM +Plerion – Cloud Security Platform| Sends findings via Security Hub CSPM +Prowler| Sends findings via Security Hub CSPM +Qualys – Vulnerability Management| Sends findings via Security Hub CSPM +Rapid7 – InsightVM| Sends findings via Security Hub CSPM +SentinelOne| Sends findings via Security Hub CSPM +Snyk| Sends findings via Security Hub CSPM +Sonrai Security – Sonrai Dig| Sends findings via Security Hub CSPM +Sophos – Server Protection| Sends findings via Security Hub CSPM +StackRox – Kubernetes Security| Sends findings via Security Hub CSPM +Sumo Logic – Machine Data Analytics| Sends findings via Security Hub CSPM +Symantec – Cloud Workload Protection| Sends findings via Security Hub CSPM +Tenable.io| Sends findings via Security Hub CSPM +Trend Micro – Cloud One| Sends findings via Security Hub CSPM +Vectra – Cognito Detect| Sends findings via Security Hub CSPM +Wiz| Sends findings via Security Hub CSPM +Caveonix – Caveonix Cloud| Sends and receives findings via Security Hub CSPM +Cloud Custodian| Sends and receives findings via Security Hub CSPM +DisruptOps| Sends and receives findings via Security Hub CSPM +Kion| Sends and receives findings via Security Hub CSPM +Turbot| Sends and receives findings via Security Hub CSPM + +###### Note + +This list reflects the Security Hub partner integrations that send findings at the time of writing. Because AWS Security Hub regularly adds new partner integrations, refer to [Third-party product integrations with Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-partner-providers.html) in the _AWS Security Hub User Guide_ for the most up-to-date list of available partners. + @@ -76 +147 @@ Supported AWS services for data sources -Analyzing log data with CloudWatch Logs Insights +Custom sources