Security Hub
Centralized security and compliance dashboard for AWS accounts.
Aggregates findings from AWS services like GuardDuty, Inspector, Macie, and others.
Supports integration with third-party security tools via AWS Partner Network.
Uses the AWS Security Finding Format (ASFF) for standardizing findings.
Continuously evaluates AWS resources against industry standards (e.g., CIS, PCI DSS).
Automatically enables security controls based on selected standards.
Findings are normalized and deduplicated for efficient analysis.
Integrates with AWS Organizations to manage multiple accounts centrally.
Supports cross-region aggregation of findings.
Findings can be sent to Amazon CloudWatch, EventBridge, or SIEM tools.
Enables automated remediation using EventBridge and Lambda.
Offers actionable insights through severity scores and compliance status.
Helps prioritize threats by correlating findings from multiple sources.
Supports custom actions for triggering workflows on findings.
Does not actively block or remediate threats—it's for visibility and coordination.
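The EventBridge and Lambda path noted above, as an added example that is not from the original page: a handler that triages the ASFF findings in a "Security Hub Findings - Imported" event. The action names, the severity threshold, and the sample event are assumptions constructed for illustration.

```python
# Action names and the severity threshold are assumptions, not AWS defaults.
SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def triage(event, min_label="HIGH"):
    """Return one decision per finding that needs action, most severe first."""
    if (event.get("source") != "aws.securityhub"
            or event.get("detail-type") != "Security Hub Findings - Imported"):
        raise ValueError("not a Security Hub findings event")
    decisions = []
    for f in event.get("detail", {}).get("findings", []):
        # Skip archived findings and ones an analyst already handled or suppressed.
        if (f.get("RecordState") != "ACTIVE"
                or f.get("Workflow", {}).get("Status", "NEW") != "NEW"):
            continue
        label = f.get("Severity", {}).get("Label", "INFORMATIONAL")
        rank = SEVERITY_RANK.get(label, 0)
        if rank >= SEVERITY_RANK[min_label]:
            action = "page-oncall"      # hypothetical action name
        elif f.get("Compliance", {}).get("Status") == "FAILED":
            action = "open-ticket"      # hypothetical action name
        else:
            continue
        decisions.append({"finding_id": f["Id"], "account": f["AwsAccountId"],
                          "resources": [r["Id"] for r in f.get("Resources", [])],
                          "severity": label, "rank": rank, "action": action})
    return sorted(decisions, key=lambda d: d["rank"], reverse=True)

def lambda_handler(event, context):
    # Security Hub only reports; remediation is whatever this function does next.
    return {"decisions": triage(event)}

def _finding(fid, label, record="ACTIVE", workflow="NEW", compliance=None):
    """Build a minimal ASFF-shaped finding for the constructed sample below."""
    f = {"Id": fid, "AwsAccountId": "111122223333", "Severity": {"Label": label},
         "RecordState": record, "Workflow": {"Status": workflow},
         "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}]}
    if compliance:
        f["Compliance"] = {"Status": compliance}
    return f

# Constructed sample event (placeholder account and resource identifiers).
SAMPLE_EVENT = {"source": "aws.securityhub",
                "detail-type": "Security Hub Findings - Imported",
                "detail": {"findings": [
                    _finding("f-medium-failed", "MEDIUM", compliance="FAILED"),
                    _finding("f-critical", "CRITICAL"),
                    _finding("f-high-archived", "HIGH", record="ARCHIVED"),
                    _finding("f-high-suppressed", "HIGH", workflow="SUPPRESSED"),
                    _finding("f-low-passed", "LOW", compliance="PASSED")]}}
```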