AWS prescriptive-guidance documentation change
Summary
Formatting updates and modified description of GuardDuty/Security Hub
Security assessment
Header formatting changes and VPC acronym expansion. The GuardDuty/Security Hub description modification appears to be a documentation correction (service attribution) without security impact.
Diff
diff --git a/prescriptive-guidance/latest/aws-security-controls/detective-controls.md b/prescriptive-guidance/latest/aws-security-controls/detective-controls.md index 733021233..6f4d5e1cc 100644 --- a//prescriptive-guidance/latest/aws-security-controls/detective-controls.md +++ b//prescriptive-guidance/latest/aws-security-controls/detective-controls.md @@ -15 +15 @@ For example, you might apply a detective control that detects and notifies you i -###### Review the following about this type of control: +Review the following about this type of control: @@ -69 +69 @@ You can automatically analyze logs from different sources such as AWS CloudTrail -A common detective control is implementing one or more monitoring services, which can analyze data sources, such as logs, to identify security threats. In the AWS Cloud, you can analyze sources such as AWS CloudTrail logs, Amazon S3 access logs, and Amazon Virtual Private Cloud flow logs to help detect unusual activity. AWS security services, such as Amazon GuardDuty, Amazon Detective, AWS Security Hub CSPM, and Amazon Macie have built-in monitoring functionalities. +A common detective control is implementing one or more monitoring services, which can analyze data sources, such as logs, to identify security threats. In the AWS Cloud, you can analyze sources such as AWS CloudTrail logs, Amazon S3 access logs, and Amazon Virtual Private Cloud (Amazon VPC) flow logs to help detect unusual activity. AWS security services, such as Amazon GuardDuty, Amazon Detective, AWS Security Hub CSPM, and Amazon Macie have built-in monitoring functionalities. @@ -73 +73 @@ A common detective control is implementing one or more monitoring services, whic -[Amazon GuardDuty](https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html) uses threat intelligence, machine learning, and anomaly-detection techniques to continuously monitor your log sources for malicious or unauthorized activity. The dashboard provides insights into the real-time health of your AWS accounts and workloads. You can integrate GuardDuty with [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html), a cloud security posture management service that checks for adherence to best practices, aggregates alerts, and enables automated remediation. GuardDuty sends findings to Security Hub CSPM as a way to centralize information. You can further integrate Security Hub CSPM with security information and event management (SIEM) solutions to extend monitoring and alerting capabilities for your organization. +[AWS Security Hub CSPM](https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html) uses threat intelligence, machine learning, and anomaly-detection techniques to continuously monitor your log sources for malicious or unauthorized activity. The dashboard provides insights into the real-time health of your AWS accounts and workloads. You can integrate GuardDuty with [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html), a cloud security posture management service that checks for adherence to best practices, aggregates alerts, and enables automated remediation. GuardDuty sends findings to Security Hub CSPM as a way to centralize information. You can further integrate Security Hub CSPM with security information and event management (SIEM) solutions to extend monitoring and alerting capabilities for your organization.