Consolidated findings across AWS services and partner integrations

AWS Security Hub collects and consolidates findings from AWS security services enabled in your environment, such as noncompliant EC2 instances from AWS Systems Manager Patch Manager and publicly accessible and cross-account resources from IAM Access Analyzer. All findings are stored for at least 90 days within AWS Security Hub.

AWS Security Hub can automatically aggregate and/or receive security findings from supported AWS Partner Network (APN) security solutions, so you can have a comprehensive view of security and compliance across your AWS environment.

The AWS Security Hub partners listed in the service documentation are APN Technology Partners who have passed additional validation from the Security Hub team for sending findings to Security Hub or receiving findings from Security Hub. Note that all use of the term "partner" herein refers exclusively to a member of the AWS Partner Network (APN).

Automated, continuous security checks

Security Hub provides automated, continuous resource-level configuration and security checks using industry standards and best practices. For example, AWS Security Hub automates the Payment Card Industry Data Security Standard (PCI DSS) and the Center for Internet Security (CIS) AWS Foundations Benchmark, a set of security configuration best practices for AWS. If any of your accounts or resources deviate from a best practice, AWS Security Hub flags the problem and recommends remediation steps.

Curated security best practices

Security Hub offers customers a set of automated security controls called the AWS Foundational Security Best Practices standard. This is a highly curated set of security best practices vetted by our AWS security experts. We recommend enabling this standard across all accounts and regions.

Seamless integration through a standardized findings format

Security findings from AWS services such as AWS Systems Manager Patch Manager and IAM Access Analyzer are collected in Security Hub using a standardized AWS Security Findings Format. Partner integrations use the same standardized findings format, eliminating time-consuming data parsing and normalization tasks. Now you can focus on prioritizing and acting on these consolidated findings.

Custom response and remediation actions

AWS Security Hub integrates with Amazon CloudWatch Events, enabling you to create custom response and remediation workflows. You can easily send findings to SIEMs, chat tools, ticketing systems, Security Orchestration, Automation, and Response (SOAR) tools, and on-call management platforms. Response and remediation actions can be fully automated or they can be triggered manually in the console. You can also use AWS Systems Manager Automation documents, AWS Step Functions, and AWS Lambda functions to build automated remediation workflows that can be initiated from Security Hub.
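The following is an added example, not AWS code: a triage function of the kind a Lambda target could run on a "Security Hub Findings - Imported" event, deciding which findings page on-call and which become tickets. The routing policy, the function names, and the sample event (trimmed to the fields used, with placeholder account ID and ARN) are assumptions.

```python
"""Route Security Hub findings delivered in a CloudWatch Events payload."""

PAGE_SEVERITIES = {"CRITICAL", "HIGH"}  # assumed policy: these page on-call


def make_finding(fid, label, workflow="NEW", record="ACTIVE"):
    # Constructed finding in AWS Security Finding Format, trimmed to the
    # fields this example reads; account ID and ARN are placeholders.
    return {
        "SchemaVersion": "2018-10-08",
        "Id": fid,
        "AwsAccountId": "111122223333",
        "Title": f"constructed finding {fid}",
        "Severity": {"Label": label},
        "Workflow": {"Status": workflow},
        "RecordState": record,
        "Resources": [{"Type": "AwsEc2Instance",
                       "Id": "arn:aws:ec2:us-east-1:111122223333:instance/i-EXAMPLE"}],
    }


SAMPLE_EVENT = {  # constructed event envelope
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        make_finding("f-1", "CRITICAL"),
        make_finding("f-2", "LOW"),
        make_finding("f-3", "HIGH", workflow="SUPPRESSED"),
        make_finding("f-4", "HIGH", record="ARCHIVED"),
        make_finding("f-5", "MEDIUM"),
    ]},
}


def route(event):
    """Return {"page": [...], "ticket": [...]}; drop findings already closed."""
    if event.get("source") != "aws.securityhub":
        raise ValueError("not a Security Hub event")
    routed = {"page": [], "ticket": []}
    for f in event.get("detail", {}).get("findings", []):
        # Archived, suppressed or already-handled findings need no new action.
        if f.get("RecordState") != "ACTIVE":
            continue
        if f.get("Workflow", {}).get("Status") != "NEW":
            continue
        label = f.get("Severity", {}).get("Label", "INFORMATIONAL")
        summary = {"id": f["Id"], "account": f["AwsAccountId"], "severity": label,
                   "title": f["Title"],
                   "resources": [r["Id"] for r in f.get("Resources", [])]}
        routed["page" if label in PAGE_SEVERITIES else "ticket"].append(summary)
    return routed
```

Filtering on record state and workflow status before severity keeps suppressed or archived high-severity findings from paging anyone again.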

Multi-account support

With a few clicks in the AWS Security Hub console, you can connect multiple AWS accounts and consolidate findings across those accounts. By designating a master security account, you can enable your security team to see consolidated findings for all accounts, while individual account owners see only findings associated with their account.

Useful predefined security insights

Security insights are grouped findings that highlight emerging trends or possible issues. For example, insights help to identify EC2 instances that are missing security patches for important vulnerabilities, or S3 buckets with public read or write permissions. AWS Security Hub’s predefined (i.e., managed) insights are designed to quickly flag the resources and accounts of most concern.

Custom insights for your environment

Create and customize your own insights, tailored to your specific security and compliance needs. You can base custom insights on the predefined security insights offered by AWS Security Hub or start from scratch. For example, you can create an insight to identify EC2 instances tagged as “production” that don't meet security standards.

Visual summary dashboard

Monitor your security posture and quickly identify security issues and trends using AWS Security Hub’s summary dashboard. For example, you can drill down into a trendline graph to discover that a set of Amazon EC2 instances with a high number of findings were all created using the same Amazon Machine Image (AMI).