Working in the Summary dashboard in Security Hub
Note
Security Hub is in preview release and is subject to change.
This topic describes the Summary dashboard in the Security Hub console. This page shows an overview of your exposures, threats, top resources, and security service coverage across multiple security widgets. These widgets help you visualize exposures and threats by severity and account by security capability. Every time you open this page, data automatically refreshes.
You can customize this page by adding and removing different security widgets and setting filter criteria to retrieve specific data in each widget. Customizations to this page are saved for future use. If your account is the delegated administrator account for an organization, customizations are saved independently from member account customizations.
Note
We recommend that you do not include confidential, sensitive, or personally identifiable information (PII) in saved filters, custom widgets, or other related free-form text fields.
If your account is the delegated administrator account for an organization, the data includes findings for your account and member accounts. If your account is a member account or a standalone account, the data only includes findings for your account. If you configure cross-Region aggregation in Security Hub, this page shows findings from your aggregation.
The exposure summary widget
This widget shows all of your exposures by severity. You can see the frequency of each exposure in your environment. Exposures with greater severity appear first. Exposures are based on an analysis of findings and traits from Security Hub and other AWS services, such as Amazon Inspector. The list of exposures in this widget is limited to the eight highest exposures with the greatest number of critical findings. If two or more exposures have an equal number of critical findings, the list automatically groups those findings behind more recent critical findings.
The threat summary widget
This widget shows all of your threats by severity. Threats with greater severity appear first. Threats originate in GuardDuty. They are related to a series of events and identify potential threats in your environment. The list of threats in this widget is limited to the eight threats with the highest severity. If two or more threats are of equal severity, the list automatically groups those findings behind more recent findings. You must enable GuardDuty to receive data in this widget.
The security coverage widget
This widget shows an overview of your security coverage and is based on coverage findings for supported services. It displays which coverage checks passed, failed, or are not available. Not available indicates that the coverage check could not be completed. This can be caused by a deleted resource or a failing server.
Percentages for coverage checks show the share of checks that passed and the share that failed. For instance, if one coverage check passes and one coverage check fails, 50% of your checks passed and 50% of your checks failed. In some cases, percentages are rounded to the nearest whole number.
Unlike security services such as GuardDuty, Amazon Inspector, and Macie, Security Hub CSPM publishes one coverage finding per account. That finding is PASS or FAIL depending on the enabled standards, such as PASS if at least 1 standard is enabled. The coverage percentage for Security Hub CSPM is the ratio of the number of Security Hub CSPM coverage findings that passed to the total number of Security Hub CSPM coverage findings.