Security Hub

  • Centralized security and compliance dashboard for AWS accounts.

  • Aggregates findings from AWS services like GuardDuty, Inspector, Macie, and others.

  • Supports integration with third-party security tools via AWS Partner Network.

  • Uses the AWS Security Finding Format (ASFF) for standardizing findings.

  • Continuously evaluates AWS resources against industry standards (e.g., CIS, PCI DSS).

  • Automatically enables security controls based on selected standards.

  • Findings are normalized and deduplicated for efficient analysis.

  • Integrates with AWS Organizations to manage multiple accounts centrally.

  • Supports cross-region aggregation of findings.

  • Findings can be sent to Amazon CloudWatch, EventBridge, or SIEM tools.

  • Enables automated remediation using EventBridge and Lambda.

  • Offers actionable insights through severity scores and compliance status.

  • Helps prioritize threats by correlating findings from multiple sources.

  • Supports custom actions for triggering workflows on findings.

  • Does not actively block or remediate threats—it's for visibility and coordination.
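
An added example (not part of the original notes) of the EventBridge and Lambda routing described in the list above: a handler-style function that reads ASFF findings from a "Security Hub Findings - Imported" event and decides what to do with each. The function name, the routing policy and the sample event are assumptions constructed for illustration; the field names follow ASFF.

```python
# Added example: hypothetical routing policy over a constructed Security Hub event.
SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

SAMPLE_EVENT = {  # constructed sample, not real account data
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        {"Id": "finding-1", "AwsAccountId": "111122223333", "RecordState": "ACTIVE",
         "Severity": {"Label": "CRITICAL"}, "Compliance": {"Status": "FAILED"},
         "Workflow": {"Status": "NEW"},
         "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}]},
        {"Id": "finding-2", "AwsAccountId": "111122223333", "RecordState": "ACTIVE",
         "Severity": {"Label": "MEDIUM"}, "Workflow": {"Status": "NEW"},
         "Resources": [{"Type": "AwsEc2Instance", "Id": "i-EXAMPLE"}]},
        {"Id": "finding-3", "AwsAccountId": "111122223333", "RecordState": "ARCHIVED",
         "Severity": {"Label": "HIGH"}, "Compliance": {"Status": "FAILED"},
         "Workflow": {"Status": "NEW"}, "Resources": []},
    ]},
}

def triage(event, remediate_at="HIGH"):
    """Return one routing decision per active finding in a Security Hub event."""
    if (event.get("source") != "aws.securityhub"
            or event.get("detail-type") != "Security Hub Findings - Imported"):
        return []  # not a findings event; ignore rather than guess
    decisions = []
    for f in event.get("detail", {}).get("findings", []):
        # Skip findings that are archived or already handled by an analyst.
        if f.get("RecordState") == "ARCHIVED":
            continue
        if f.get("Workflow", {}).get("Status") in ("SUPPRESSED", "RESOLVED"):
            continue
        label = f.get("Severity", {}).get("Label", "INFORMATIONAL")
        failed = f.get("Compliance", {}).get("Status") == "FAILED"
        rank = SEVERITY_RANK.get(label, 0)
        if rank >= SEVERITY_RANK[remediate_at] and failed:
            action = "remediate"  # hand off to a remediation function or runbook
        elif rank >= SEVERITY_RANK["MEDIUM"]:
            action = "ticket"
        else:
            action = "log"
        decisions.append({"finding_id": f["Id"], "severity": label, "action": action,
                          "resources": [r["Id"] for r in f.get("Resources", [])]})
    return decisions

if __name__ == "__main__":
    for decision in triage(SAMPLE_EVENT):
        print(decision)
```

Security Hub itself only delivers the event; any blocking or fixing happens in whatever the "remediate" branch invokes.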
