Security Hub

AWS Security Hub monitors your account and suggests security improvements you can make. These scan results are called Findings and are assessed against well-known security standards from AWS, CIS, NIST and others.

$ aws securityhub describe-standards
{
    "Standards": [
        {
            "StandardsArn": "arn:aws:securityhub:eu-west-2::standards/aws-foundational-security-best-practices/v/1.0.0",
            "Name": "AWS Foundational Security Best Practices v1.0.0",
            "Description": "The AWS Foundational Security Best Practices standard is a set of automated security checks that detect when AWS accounts and deployed resources do not align to security best practices. The standard is defined by AWS security experts. This curated set of controls helps improve your security posture in AWS, and cover AWS’s most popular and foundational services.",
            "EnabledByDefault": true,
            "StandardsManagedBy": {
                "Company": "AWS",
                "Product": "Security Hub"
            }
        },
        ... edited...
 
 

The standard needs to be enabled for each account and region you wish to test against, using the ARN of the standard:-

$ aws securityhub batch-enable-standards \
        --standards-subscription-requests '{"StandardsArn":"arn:aws:securityhub:eu-west-2::standards/nist-800-53/v/5.0.0"}' \
        --region eu-west-2 \
        --profile SecurityHubCheck

This creates a subscription associating your account and region with the standard.

$ aws securityhub get-enabled-standards
{
    "StandardsSubscriptions": [
        {
            "StandardsSubscriptionArn": "arn:aws:securityhub:eu-west-1:123443215678:subscription/aws-foundational-security-best-practices/v/1.0.0",
            "StandardsArn": "arn:aws:securityhub:eu-west-1::standards/aws-foundational-security-best-practices/v/1.0.0",
            "StandardsInput": {},
            "StandardsStatus": "READY"
        },
        {
            "StandardsSubscriptionArn": "arn:aws:securityhub:eu-west-1:123443215678:subscription/nist-800-53/v/5.0.0",
            "StandardsArn": "arn:aws:securityhub:eu-west-2::standards/nist-800-53/v/5.0.0",
            "StandardsInput": {},
            "StandardsStatus": "READY"
        }
    ]
}

To remove a standard from Security Hub, you need to use the Subscription ARN, which ties the standard to your account in a specific region:-

$ aws securityhub batch-disable-standards \
        --standards-subscription-arns arn:aws:securityhub:eu-west-1:123443215678:subscription/cis-aws-foundations-benchmark/v/1.2.0
{
    "StandardsSubscriptions": [
        {
            "StandardsSubscriptionArn": "arn:aws:securityhub:eu-west-1:123443215678:subscription/cis-aws-foundations-benchmark/v/1.2.0",
            "StandardsArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
            "StandardsInput": {},
            "StandardsStatus": "DELETING"
        }
    ]
}
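
Enabling takes the standard's ARN, but disabling takes the subscription ARN, which has to be looked up per account and region. The following Python is an added example, not part of the original page: it reads get-enabled-standards output and builds the matching batch-disable-standards command. The sample JSON, the account ID 111122223333 and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws securityhub get-enabled-standards` output;
# the account ID 111122223333 is a placeholder, not a value from the page.
SAMPLE = json.loads("""
{"StandardsSubscriptions": [
  {"StandardsSubscriptionArn": "arn:aws:securityhub:eu-west-2:111122223333:subscription/nist-800-53/v/5.0.0",
   "StandardsArn": "arn:aws:securityhub:eu-west-2::standards/nist-800-53/v/5.0.0",
   "StandardsInput": {}, "StandardsStatus": "READY"},
  {"StandardsSubscriptionArn": "arn:aws:securityhub:eu-west-2:111122223333:subscription/cis-aws-foundations-benchmark/v/1.2.0",
   "StandardsArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
   "StandardsInput": {}, "StandardsStatus": "DELETING"}
]}
""")


def parse_subscription_arn(arn):
    """Split a subscription ARN into region, account, standard and version."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "securityhub":
        raise ValueError(f"not a Security Hub ARN: {arn}")
    kind, _, rest = parts[5].partition("/")
    standard, sep, version = rest.partition("/v/")
    if kind != "subscription" or not sep:
        raise ValueError(f"not a subscription ARN: {arn}")
    return {"region": parts[3], "account": parts[4],
            "standard": standard, "version": version}


def find_subscription(enabled, standard, region):
    """Return the READY subscription ARN for a standard in a region, else None."""
    for sub in enabled.get("StandardsSubscriptions", []):
        info = parse_subscription_arn(sub["StandardsSubscriptionArn"])
        if (info["standard"], info["region"]) == (standard, region) \
                and sub["StandardsStatus"] == "READY":
            return sub["StandardsSubscriptionArn"]
    return None


def disable_command(enabled, standard, region):
    """Build the batch-disable-standards argv, or None if nothing to disable."""
    arn = find_subscription(enabled, standard, region)
    if arn is None:
        return None
    return ["aws", "securityhub", "batch-disable-standards",
            "--standards-subscription-arns", arn, "--region", region]


if __name__ == "__main__":
    print(disable_command(SAMPLE, "nist-800-53", "eu-west-2"))
```

Subscriptions that are not READY (such as the DELETING entry in the sample) are skipped, so the helper does not try to disable a standard that is already being removed.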


aws/securityhub.txt · Last modified: by 127.0.0.1
