Document history for the AWS Security Hub User Guide
The following table describes the updates to the documentation for AWS Security Hub.
Note
For security control releases, the date specified is the date when the controls are available in all accounts and Regions. It can take 1-2 weeks for controls to reach all accounts and Regions.
Change | Description | Date |
---|---|---|
New security controls | The following new Security Hub controls are available. | October 18, 2024 |
New security controls | The following new Security Hub controls are available.
| October 3, 2024 |
New security controls | The following new Security Hub controls are available.
| August 30, 2024 |
New finding panel | The new finding panel on the Security Hub console helps you quickly take action on findings, review resource details and finding history, and find other pertinent information about a finding. | August 16, 2024 |
Update to Config.1 control | The Config.1 control checks whether AWS Config is enabled, uses the service-linked role, and records resources for
enabled controls. Security Hub added a custom control parameter named | August 15, 2024 |
Designate a home Region without linked Regions | You can now create a finding aggregator and establish a home Region without linking any AWS Regions to the home Region. This allows you to enable central configuration without specifying linked Regions. | July 25, 2024 |
Select controls available in more Regions | The following controls are now available in additional AWS Regions, including US East (N. Virginia) and US East (Ohio).
| July 15, 2024 |
New security controls | The following new Security Hub controls are available:
| July 11, 2024 |
Release of CIS AWS Foundations Benchmark v3.0.0 | Security Hub released Center for Internet Security (CIS) AWS Foundations Benchmark v3.0.0. The release includes the following new controls, as well as mappings to several existing controls.
| May 13, 2024 |
The following new Security Hub controls are available:
| May 3, 2024 | |
AWS Resource Tagging Standard | The AWS Resource Tagging Standard from Security Hub is now generally available, along with new controls that apply to the standard. | April 30, 2024 |
Update to existing managed policy | Security Hub updated the AWS
managed policy named | April 24, 2024 |
In-context configuration of control parameters | If you use central configuration, you can now configure control parameters in context, from the details page of a control on the Security Hub console. | March 29, 2024 |
Update to existing managed policy | Security Hub updated the AWS
managed policy named | February 22, 2024 |
New security control | The control [Macie.2] Macie automated sensitive data discovery should be enabled is now available. For Regional limits on this control, see Availability of controls by Region. | February 19, 2024 |
Security Hub available in Canada West (Calgary) | Security Hub is now available in Canada West (Calgary). All Security Hub features are now available in this Region, with the exception of certain security controls. For more information, see Availability of controls by Region. | December 20, 2023 |
New security controls | The following new Security Hub controls are available:
| December 14, 2023 |
Security Hub added the new finding fields | November 27, 2023 | |
You can now access more dashboard widgets on the Summary page of the Security Hub console, save dashboard filter sets to quickly focus on specific security issues, and customize the dashboard layout. | November 27, 2023 | |
Central configuration is now available. With central configuration, the Security Hub delegated administrator can configure Security Hub, standards, and controls across multiple organization accounts, organizational units (OUs), and Regions. | November 27, 2023 | |
Security Hub added new permissions to the | November 26, 2023 | |
You can now customize parameter values for select Security Hub controls. This can make findings for a specific control more relevant to your business requirements and security expectations. | November 26, 2023 | |
Security Hub updated the | November 16, 2023 | |
Existing security controls added to Service-Managed Standard: AWS Control Tower | The following existing Security Hub controls have been added to Service-Managed Standard: AWS Control Tower.
| November 14, 2023 |
Security Hub added a new tagging permission to the | November 7, 2023 | |
The following new Security Hub controls are available:
| October 10, 2023 | |
Security Hub added new Organizations actions to the | September 27, 2023 | |
Existing security controls added to Service-Managed Standard: AWS Control Tower | The following existing Security Hub controls have been added to Service-Managed Standard: AWS Control Tower.
| September 26, 2023 |
Consolidated controls view and consolidated control findings available in AWS GovCloud (US) | Consolidated controls view and consolidated control findings are now available in the AWS GovCloud (US) Region. The Controls page of the Security Hub console shows all your controls across standards. Each control has the same control ID across standards. When you turn on consolidated control findings, you receive a single finding per security check even when a control applies to multiple enabled standards. | September 6, 2023 |
Consolidated controls view and consolidated control findings available in China Regions | Consolidated controls view and consolidated control findings are now available in the China Regions. The Controls page of the Security Hub console shows all your controls across standards. Each control has the same control ID across standards. When you turn on consolidated control findings, you receive a single finding per security check even when a control applies to multiple enabled standards. | August 28, 2023 |
Security Hub is now available in Israel (Tel Aviv). All Security Hub features are now available in this Region, with the exception of certain security controls. For more information, see Availability of controls by Region. | August 8, 2023 | |
The following new Security Hub controls are available:
| July 28, 2023 | |
You can now use CONTAINS and NOT_CONTAINS comparison operators for automation rule map and string criteria. | July 25, 2023 | |
Security Hub now offers automation rules that automatically update findings based on criteria that you specify. | June 13, 2023 | |
Snyk is a new third-party integration that sends findings to Security Hub. | June 12, 2023 | |
Existing security controls added to Service-Managed Standard: AWS Control Tower | The following existing Security Hub controls have been added to Service-Managed Standard: AWS Control Tower.
| June 12, 2023 |
The following new Security Hub controls are available:
| June 6, 2023 | |
Security Hub is now available in Asia Pacific (Melbourne). All Security Hub features are now available in this Region, with the exception of certain security controls. For more information, see Availability of controls by Region. | May 25, 2023 | |
Security Hub can now track the history of a finding during the last 90 days. | May 4, 2023 | |
The following new Security Hub controls are available: | March 29, 2023 | |
The Automated Security Response on AWS v2.0.0 | March 24, 2023 | |
Security Hub is now available in Asia Pacific (Hyderabad), Europe (Spain), and Europe (Zurich). Limits exist on which controls are available in these Regions. | March 21, 2023 | |
Security Hub has updated an existing permission in the | March 17, 2023 | |
Security Hub has added the following security controls, which are applicable to the NIST 800-53 standard:
| March 3, 2023 | |
National Institute of Standards and Technology (NIST) 800-53 Rev. 5 | Security Hub now supports the NIST 800-53 Rev. 5 standard with more than 200 applicable security controls. | February 28, 2023 |
With the release of consolidated controls view, the Controls page of the Security Hub console shows all your controls across standards. Each control has the same control ID across standards. When you turn on consolidated control findings, you receive a single finding per security check even when a control applies to multiple enabled standards. | February 23, 2023 | |
The following new Security Hub controls are available. Some controls have Regional limitations.
| February 16, 2023 | |
Security Hub has added ProductFields.ArchivalReasons:0/Description and ProductFields.ArchivalReasons:0/ReasonCode to the AWS Security Finding Format (ASFF). | February 8, 2023 | |
Security Hub has added Compliance.AssociatedStandards and Compliance.SecurityControlId to the AWS Security Finding Format (ASFF). | January 31, 2023 | |
You can now see vulnerability details in the Security Hub console for findings that Amazon Inspector sends to Security Hub. | January 14, 2023 | |
Security Hub is now available in Middle East (UAE). Some controls have Regional limits. | January 12, 2023 | |
Security Hub now supports a third-party integration with MetricStream in all Regions except China and AWS GovCloud (US). | January 11, 2023 | |
Security Hub now supports up to 11,000 member accounts for each Security Hub administrator account per Region. | December 27, 2022 | |
Security Hub rolled back the control [ElasticBeanstalk.3] Elastic Beanstalk should stream logs to CloudWatch from the FSBP standard in all Regions. | December 21, 2022 | |
New Security Hub controls are available to customers who have enabled the FSBP standard. Some controls have Regional limitations. | December 15, 2022 | |
Security Hub is planning to release two new features: consolidated controls view and consolidated control findings. These upcoming features may impact existing workflows that rely on control finding fields and values. | December 9, 2022 | |
Security Lake now integrates with Security Hub by receiving Security Hub findings. | November 29, 2022 | |
Security Hub supports a new security standard called Service-Managed Standard: AWS Control Tower. AWS Control Tower manages this standard. | November 28, 2022 | |
CIS AWS Foundations Benchmark v1.4.0 now available in China Regions | Security Hub now supports CIS AWS Foundations Benchmark v1.4.0 in the China Regions. | November 18, 2022 |
Jira Service Management Cloud now receives Security Hub findings in all available Regions, except the China Regions. | November 17, 2022 | |
AWS IoT Device Defender now sends findings to Security Hub in all available Regions. | November 17, 2022 | |
Security Hub now provides security controls that support CIS AWS Foundations Benchmark v1.4.0. This standard is available in all available Regions, except the China Regions. | November 9, 2022 | |
You can now subscribe to Security Hub announcements with Amazon Simple Notification Service (Amazon SNS) in AWS GovCloud (US-East) and AWS GovCloud (US-West) to receive notifications about Security Hub. | October 3, 2022 | |
The new Security Hub control AutoScaling.9 is available to customers who have enabled the FSBP standard. Controls may have Regional limitations. | September 1, 2022 | |
You can now subscribe to Security Hub announcements with Amazon Simple Notification Service (Amazon SNS) to receive notifications about Security Hub. | August 29, 2022 | |
Cross-Region aggregation is now available for findings, finding updates, and insights across AWS GovCloud (US). | August 2, 2022 | |
Fortinet - FortiCNP is a third-party integration that receives Security Hub findings, and JFrog is a third-party integration that sends findings to Security Hub. | July 26, 2022 | |
Security Hub has retired EC2.27 - Running EC2 Instances should not use key pairs, a former control in the AWS Foundational Security Best Practices (FSBP) standard. | July 20, 2022 | |
Security Hub no longer supports python3.6 as a parameter for Lambda.2 - Lambda functions should use supported runtimes, a control in the AWS Foundational Security Best Practices (FSBP) standard. | July 19, 2022 | |
New Security Hub controls are available to customers who have enabled the FSBP standard. Some controls have Regional limitations. | June 22, 2022 | |
Security Hub is now available in Asia Pacific (Jakarta). Some controls are not available in this Region. | June 7, 2022 | |
Improved integration between AWS Security Hub and AWS Config | Security Hub users can see the results of AWS Config rule evaluations as findings in Security Hub. | June 6, 2022 |
For users who have integrated with AWS Organizations, this feature allows you to log into the Security Hub administrator account and opt new member accounts out of auto-enabled standards. | April 25, 2022 | |
Added cross-Region aggregation to control statuses and security scores. | April 20, 2022 | |
Added new top level attributes for setting company and product names associated with custom integrations | April 1, 2022 | |
Added new controls to the AWS Foundational Security Best Practices standard | Added 5 new controls to the AWS Foundational Security Best Practices standard. | March 31, 2022 |
Added | March 25, 2022 | |
Added additional details to | March 25, 2022 | |
Added new controls to the AWS Foundational Security Best Practices standard | Added 15 new controls to the AWS Foundational Security Best Practices standard. | March 16, 2022 |
Added new controls for Amazon OpenSearch Service, Amazon RDS, Amazon EC2, Elastic Load Balancing, and CloudFront to the AWS Foundational Security Best Practices standard. Also added two new controls for OpenSearch Service to the PCI DSS. | February 15, 2022 | |
Added new field: Sample. | January 26, 2022 | |
AWS Health uses service-to-service event messaging to send findings to Security Hub. | January 19, 2022 | |
Trusted Advisor sends the results of its checks to Security Hub as Security Hub findings. Security Hub sends the results of its AWS Foundational Security Best Practices checks to Trusted Advisor. | January 18, 2022 | |
Added | December 20, 2021 | |
The descriptions of ASFF attributes were previously in a single topic. Each top-level object and each resource details object is now in its own topic. The ASFF syntax topic contains links to those topics. | December 20, 2021 | |
Added new resource details objects to ASFF for AWS Network Firewall | For AWS Network Firewall, added the following resource details objects: | December 20, 2021 |
Security Hub is integrated with the new version of Amazon Inspector as well as with Amazon Inspector Classic. Amazon Inspector sends findings to Security Hub. | November 29, 2021 | |
The severity of EC2.19 (Security groups should not allow unrestricted access to ports with high risk) is changed from High to Critical. | November 17, 2021 | |
Security Hub now offers an integration with Sonrai Dig. Sonrai Dig monitors cloud environments to identify security risks. Sonrai Dig sends findings to Security Hub. | November 12, 2021 | |
Updated check for CIS 2.1 and CloudTrail.1 controls | In addition to checking that at least one multi-Region CloudTrail trail is in place, CIS 2.1 and CloudTrail.1 now also check that the
| November 9, 2021 |
Security Hub is now integrated with AWS PrivateLink and supports VPC endpoints. | November 3, 2021 | |
Added controls to the AWS Foundational Security Best Practices standard | Added new controls for Elastic Load Balancing (ELB.2 and ELB.8) and AWS Systems Manager (SSM.4). | November 2, 2021 |
EC2.19 now also checks that security groups do not allow unrestricted ingress access to the following ports: 3000 (Go, Node.js, and Ruby web development frameworks), 5000 (Python web development frameworks), 8088 (legacy HTTP port), and 8888 (alternative HTTP port) | October 27, 2021 | |
Logz.io is a provider of Cloud SIEM that provides advanced correlation of log and event data to help security teams to detect, analyze, and respond to security threats in real time. Logz.io receives findings from Security Hub. | October 25, 2021 | |
Cross-Region aggregation allows you to view all of your findings without having to change Regions. Administrator accounts choose an aggregation Region and linked Regions. Findings for the administrator account and its member accounts are aggregated from the linked Regions to the aggregation Region. | October 20, 2021 | |
Added viewer certificate details to | October 8, 2021 | |
Added the following new resource details objects to ASFF: | October 8, 2021 | |
In the AWS Foundational Security Best Practices standard, removed the | October 6, 2021 | |
The integration with Check Point Dome9 Arc is now Check Point CloudGuard Posture Management. The integration ARN did not change. | October 1, 2021 | |
Removed the integration with Alcide | The integration with Alcide kAudit is discontinued. | September 30, 2021 |
The severity of [EC2.19] Security groups should not allow unrestricted access to ports with high risk is changed from Medium to High. | September 30, 2021 | |
Integration with AWS Organizations is now supported in the China Regions | The Security Hub integration with Organizations is now supported in China (Beijing) and China (Ningxia). | September 20, 2021 |
New AWS Config rule for the S3.1 and PCI.S3.6 controls | Both S3.1 and PCI.S3.6 verify that the Amazon S3 Block Public Access setting is enabled. The AWS Config rule for these controls is changed from
| September 14, 2021 |
In the AWS Foundational Security Best Practices standard, removed the | September 13, 2021 | |
In the CIS AWS Foundations Benchmark standard, the severity for 2.2. – Ensure CloudTrail log file validation is enabled is changed from Low to Medium. | September 13, 2021 | |
Updated ECS.1, Lambda.2, and SSM.1 in the AWS Foundational Security Best Practices standard | In the AWS Foundational Security Best Practices standard, ECS.1 now has a | September 7, 2021 |
In the Payment Card Industry Data Security Standard (PCI DSS) standard, the PCI.Lambda.2 control now excludes Lambda@Edge resources. | September 7, 2021 | |
Added the integration with HackerOne Vulnerability Intelligence | Security Hub now offers an integration with HackerOne Vulnerability Intelligence. The integration sends findings to Security Hub. | September 7, 2021 |
For | September 2, 2021 | |
Added the following new resource details objects to ASFF: | September 2, 2021 | |
In | September 2, 2021 | |
Systems Manager Explorer and OpsCenter integration now supported in the China Regions | The Security Hub integration with SSM Explorer and OpsCenter is now supported in China (Beijing) and China (Ningxia). | August 31, 2021 |
Retiring the Lambda.4 control | Security Hub is retiring the control [Lambda.4] Lambda functions should have a dead-letter queue configured. When a control is retired, it no longer displays on the console, and Security Hub does not perform checks against it. | August 31, 2021 |
Retiring the PCI.EC2.3 control | Security Hub is retiring the control [PCI.EC2.3] Unused EC2 security groups should be removed. When a control is retired, it no longer displays on the console, and Security Hub does not perform checks against it. | August 27, 2021 |
When you send findings to a custom action, Security Hub now sends each finding in a separate Security Hub Findings - Custom Action event. | August 20, 2021 | |
Added a new compliance status reason code for custom Lambda runtimes | Added a new | August 20, 2021 |
AWS Firewall Manager integration now supported in the China Regions | The Security Hub integration with Firewall Manager is now supported in China (Beijing) and China (Ningxia). | August 19, 2021 |
New integrations with Caveonix Cloud and Forcepoint Cloud Security Gateway | Security Hub now offers integrations with Caveonix Cloud and Forcepoint Cloud Security Gateway. Both integrations send findings to Security Hub. | August 10, 2021 |
Added new | Added | July 23, 2021 |
Added a new | July 23, 2021 | |
Added controls to the AWS Foundational Security Best Practices standard | Added new controls for Amazon API Gateway (APIGateway.5), Amazon EC2 (EC2.19), Amazon ECS (ECS.2), Elastic Load Balancing (ELB.7), Amazon OpenSearch Service (ES.5 through ES.8), Amazon RDS (RDS.16 through RDS.23), Amazon Redshift (Redshift.4), and Amazon SQS (SQS.1). | July 20, 2021 |
Moved a permission within the service-linked role managed policy | Moved the | July 14, 2021 |
Added controls to the AWS Foundational Security Best Practices standard | Added new controls for Amazon API Gateway (APIGateway.4), Amazon CloudFront (CloudFront.5 and CloudFront.6), Amazon EC2 (EC2.17 and EC2.18), Amazon ECS (ECS.1), Amazon OpenSearch Service (ES.4), AWS Identity and Access Management (IAM.21), Amazon RDS (RDS.15), and Amazon S3 (S3.8). | July 8, 2021 |
Added new compliance status reason codes for control findings |
| July 6, 2021 |
Added the integration with AWS Chatbot. Security Hub sends findings to AWS Chatbot. | June 30, 2021 | |
Added a new permission to the service-linked role managed policy | Added a new permission to the managed policy | June 29, 2021 |
Added new resource details objects for ECS clusters and ECS task definitions. Updated the EC2 instance object to list the associated network interfaces. Added the client certificate ID for the API Gateway V2 stages. Added the lifecycle configuration for S3 buckets. | June 24, 2021 | |
Updated the calculation of aggregated control statuses and standard security scores | Security Hub now calculates the overall control status and standard security score every 24 hours. For administrator accounts, the score now reflects whether each control is enabled or disabled for each account. | June 23, 2021 |
Updated information about Security Hub handling of suspended accounts | Added information on how Security Hub handles accounts that are suspended in AWS. | June 23, 2021 |
Added tabs to display the enabled and disabled controls for the individual administrator account | For the administrator account, the main tabs on the standard details page contain aggregated information across accounts. The new Enabled for this account and Disabled for this account tabs list the accounts that are enabled or disabled for the individual administrator account. | June 23, 2021 |
In the AWS Foundational Security Best Practices standard, added | June 8, 2021 | |
New integrations with MicroFocus ArcSight and NETSCOUT Cyber Investigator | Added integrations with MicroFocus ArcSight and NETSCOUT Cyber Investigator. MicroFocus ArcSight receives findings from Security Hub. NETSCOUT Cyber Investigator sends findings to Security Hub. | June 7, 2021 |
Updated the managed policies section to add details for the existing managed policy | June 4, 2021 | |
The AWS Service Management Connector for Jira sends findings to Jira and uses them to create Jira issues. When the Jira issues are updated, the corresponding findings in Security Hub also are updated. | May 26, 2021 | |
Updated the supported controls list for the Asia Pacific (Osaka) Region | Updated the CIS AWS Foundations standard and the Payment Card Industry Data Security Standard (PCI DSS) to indicate the controls that are not supported in Asia Pacific (Osaka). | May 21, 2021 |
Added an integration with Sysdig Secure for cloud. The integration sends findings to Security Hub. | May 14, 2021 | |
Added controls to the AWS Foundational Security Best Practices standard | Added new controls for Amazon API Gateway (APIGateway.2 and APIGateway.3), AWS CloudTrail (CloudTrail.4 and CloudTrail.5), Amazon EC2 (EC2.15 and EC2.16), AWS Elastic Beanstalk (ElasticBeanstalk.1 and ElasticBeanstalk.2), AWS Lambda (Lambda.4), Amazon RDS (RDS.12 – RDS.14), Amazon Redshift (Redshift.7), AWS Secrets Manager (SecretsManager.3 and SecretsManager.4), and AWS WAF (WAF.1). | May 10, 2021 |
Updates to GuardDuty and Amazon RDS controls | Changed the severity of | May 4, 2021 |
In | May 3, 2021 | |
Added console fields to provide filter values for Amazon EventBridge rules | The new predefined filter patterns for Security Hub EventBridge rules provide console fields that you can use to specify filter values. | April 30, 2021 |
Added the integration with AWS Systems Manager Explorer and OpsCenter | Security Hub now supports an integration with Systems Manager Explorer and OpsCenter. The integration receives findings from Security Hub and updates those findings in Security Hub. | April 26, 2021 |
New type for product integrations | A new integration type, | April 22, 2021 |
Changed "master account" to "administrator account" | The term "master account" is changed to "administrator account." The term is also changed in the Security Hub console and API. | April 22, 2021 |
Updated the title, description, and remediation for APIGateway.1. The control now checks for Websocket API execution logging instead of for HTTP API execution logging. | April 9, 2021 | |
Amazon GuardDuty integration now supported in Beijing and Ningxia | The Security Hub integration with GuardDuty is now supported in the China (Beijing) and China (Ningxia) Regions. | April 5, 2021 |
Added | The Lambda.2 control in the Foundational Security Best Practices standard now supports the | March 30, 2021 |
Security Hub launched in Asia Pacific (Osaka) | Security Hub is now available in the Asia Pacific (Osaka) Region. | March 29, 2021 |
Added finding provider fields to finding details | On the finding details panel, the new Finding Provider Fields section contains the finding provider values for confidence, criticality, related findings, severity, and types. | March 24, 2021 |
Added option to receive sensitive findings from Amazon Macie | The integration with Macie can now be configured to send sensitive findings to Security Hub. | March 23, 2021 |
For customers who have an existing administrator account with member accounts, added new information on how to change from managing accounts by invitation to managing accounts using Organizations. | March 22, 2021 | |
New objects in ASFF for information about Amazon S3 Public Access Block configuration | In | March 18, 2021 |
New object in ASFF to allow finding providers to update specific fields | The new | March 18, 2021 |
The new | March 18, 2021 | |
Added | For the | March 16, 2021 |
A new managed policy, | March 15, 2021 | |
Managed policy and service-linked role information moved to the Security chapter | The information on managed policies is revised and expanded. Both the managed policy information and the information on service-linked roles has moved to the Security chapter. | March 15, 2021 |
Added SecureCloudDB to the list of third-party integrations. SecureCloudDB is a cloud native database security tool that provides comprehensive visibility of internal and external security postures and activity. SecureCloudDB sends findings to Security Hub. | March 4, 2021 | |
Revised severity for CIS 1.1 and CIS 3.1 – CIS 3.14 controls | The severity of the CIS 1.1 and CIS 3.1 – CIS 3.14 controls is changed to Low. | March 3, 2021 |
Removed the RDS.11 control | Removed the RDS.11 control from the Foundational Security Best Practices standard. | March 3, 2021 |
The Turbot integration is updated to both send and receive findings. | February 26, 2021 | |
Added controls to the Foundational Security Best Practices standard | Added new controls for Amazon API Gateway (APIGateway.1), Amazon EC2 (EC2.9 and EC2.10), Amazon Elastic File System (EFS.2), Amazon OpenSearch Service (ES.2 and ES.3), Elastic Load Balancing (ELB.6), and AWS Key Management Service (AWS KMS) (KMS.3). | February 11, 2021 |
Added optional | The | February 3, 2021 |
New integration with Antivirus for Amazon S3 from Cloud Storage Security | The integration with Antivirus for Amazon S3 sends the virus scan results to Security Hub as findings. | January 27, 2021 |
Updated the security score calculation process for administrator accounts | For an administrator account, Security Hub uses a separate process to calculate the security score. The new process ensures that the score includes controls that are enabled for member accounts but disabled for the administrator account. | January 21, 2021 |
Added a new | January 21, 2021 | |
Added controls to the Foundational Security Best Practices standard | Added new controls for Amazon CloudFront (CloudFront.1 through CloudFront.4), Amazon DynamoDB (DynamoDB.1 through DynamoDB.3), Elastic Load Balancing (ELB.3 through ELB.5), Amazon RDS (RDS.9 through RDS.11), Amazon Redshift (Redshift.1 through Redshift.3 and Redshift.6), and Amazon SNS (SNS.1). | January 15, 2021 |
Workflow status is reset based on the record state or compliance status | Security Hub automatically resets the workflow status from | January 7, 2021 |
For findings that are generated from controls, added information about the content of the | December 29, 2020 | |
Changed the title of insight 5. Added a new insight, 32, that checks for IAM users with suspicious activity. | December 22, 2020 | |
In the AWS Foundational Security Best Practices standard, updated the parameters for IAM.7. Updated the title and description of Lambda.1. | December 22, 2020 | |
The ServiceNow ITSM integration allows users to automatically create incidents or problems when a Security Hub finding is received. Updates to these incidents or problems result in updates to the findings in Security Hub. | December 11, 2020 | |
Security Hub now offers an integration with AWS Audit Manager. The integration allows Audit Manager to receive control-based findings from Security Hub. | December 8, 2020 | |
Security Hub added an integration with Aqua Security Kube-bench. The integration sends findings to Security Hub. | November 24, 2020 | |
The integration with Cloud Custodian is now available in the China (Beijing) and China (Ningxia) Regions. | November 24, 2020 | |
| Previously, you could not use | November 24, 2020 |
Customers can now manage member accounts using their Organizations account configuration. The organization management account designates the Security Hub administrator account, who determines which organization accounts to enable in Security Hub. The manual invitation process can still be used for accounts that are not part of an organization. | November 23, 2020 | |
Removed the separate finding list format for high-volume controls | The finding list for a control no longer uses the Findings page format when there is a very large number of findings. | November 19, 2020 |
Security Hub now supports integrations with cloudtamer.io, 3CORESec, Prowler, and StackRox Kubernetes Security. IBM QRadar no longer sends findings. It only receives findings. | October 30, 2020 | |
Added option to download the list of findings from the control details page. | On the control details page, a new Download option allows you to download the finding list to a .csv file. The downloaded list respects any filters that are on the list. If you selected specific findings, then the downloaded list only includes those findings. | October 26, 2020 |
Added option to download the list of controls from the standard details page. | On the standard details page, a new Download option allows you to download the control list to a .csv file. The downloaded list respects any filters that are on the list. If you selected a specific control, then the downloaded list only includes that control. | October 26, 2020 |
Security Hub is now integrated with ThreatModeler. Updated the following partner integrations to reflect their new product names. Twistlock Enterprise Edition is now Palo Alto Networks - Prisma Cloud Compute. Also from Palo Alto Networks, Demisto is now Cortex XSOAR and Redlock is now Prisma Cloud Enterprise. | October 23, 2020 | |
Security Hub launched in China (Beijing) and China (Ningxia) | Security Hub is now available in the China (Beijing) and China (Ningxia) Regions. | October 21, 2020 |
Revised format for ASFF attributes and third-party integrations | The lists of ASFF attributes and partner integrations now use a list-based format instead of tables. The ASFF syntax, attributes, and types taxonomy are now in separate topics. | October 15, 2020 |
The standard details page for an enabled standard now displays a tabbed list of controls. The tabs filter the control list based on the control status. | October 7, 2020 | |
Replaced CloudWatch Events with EventBridge | Replaced references to Amazon CloudWatch Events with Amazon EventBridge. | October 1, 2020 |
New integrations with Blue Hexagon for AWS, Alcide kAudit, and Palo Alto Networks VM-Series. | Security Hub is now integrated with Blue Hexagon for AWS, Alcide kAudit, and Palo Alto Networks VM-Series. Blue Hexagon for AWS and kAudit send findings to Security Hub. VM-Series receives findings from Security Hub. | September 30, 2020 |
Added new | September 30, 2020 | |
The | September 30, 2020 | |
Added AWS Systems Manager Patch Manager to available AWS service integrations | AWS Systems Manager Patch Manager is now integrated with Security Hub. Patch Manager sends findings to Security Hub when instances in a customer's fleet go out of compliance with their patch compliance standard. | September 22, 2020 |
Added new controls to the AWS Foundational Security Best Practices standard | Added new controls for the following services: Amazon EC2 (EC2.7 and EC2.8), Amazon EMR (EMR.1), IAM (IAM.8), Amazon RDS (RDS.4 through RDS.8), Amazon S3 (S3.6), and AWS Secrets Manager (SecretsManager.1 and SecretsManager.2). | September 15, 2020 |
New context keys for IAM policy to control access to | IAM policies can now be configured to restrict access to fields and field values when using | September 10, 2020 |
By default, member accounts now have the same access to | September 10, 2020 | |
New controls for AWS KMS in the Foundational Security Best Practices Standard | Added two new controls (KMS.1 and KMS.2) to the Foundational Security Best Practices Standard. The new controls check whether IAM policies restrict access to AWS KMS decryption actions. | September 9, 2020 |
Removed account-level findings for controls | Security Hub no longer generates account-level findings for a control. Only resource-level findings are generated. | September 1, 2020 |
Added the | September 1, 2020 | |
The details page for controls is redesigned. The control finding list provides tabs to allow you to quickly filter the list based on the compliance status. You can also quickly see suppressed findings. Each entry provides access to additional details about the finding resource, AWS Config rule, and finding notes. | August 28, 2020 | |
For finding filters, you can use the is not filter to find findings for which a field value is not equal to the filter value. You can use the does not start with to find findings for which a field value does not start with the specified filter value. | August 28, 2020 | |
Added new | August 18, 2020 | |
Security Hub is now integrated with RSA Archer. RSA Archer receives findings from Security Hub. | August 18, 2020 | |
Added a | August 18, 2020 | |
Added several attributes to the | August 18, 2020 | |
Updated how Security Hub determines the overall status of a control | For controls that have no findings, the status is No data instead of Unknown. The control status includes both account-level and resource-level findings. The control status does not use the workflow status of findings, except to ignore suppressed findings. | August 13, 2020 |
Updated how Security Hub calculates the security score for a standard | When calculating the security score for a standard, Security Hub now ignores controls with a status of No Data. The security score is proportion of passed controls to enabled controls, excluding controls with no data. | August 13, 2020 |
New option to automatically enable new controls in enabled standards | Added a Settings option to automatically enable new controls in standards that are enabled. You can also use the
| July 31, 2020 |
New controls for the Payment Card Industry Data Security Standard (PCI DSS) standard | Added new controls to the PCI DSS standard. The identifiers of the new controls are PCI.DMS.1, PCI.EC2.5, PCI.EC2.6, PCI.ELBV2.1, PCI.GuardDuty.1, PCI.IAM.7, PCI.IAM.8, PCI.S3.5, PCI.S3.6, PCI.SageMaker.1, PCI.SSM.2, and PCI.SSM.3. | July 29, 2020 |
New and updated controls for the Foundational Security Best Practices standard | Added new controls to the Foundational Security Best Practices standard. The identifiers of the new controls are AutoScaling.1, DMS.1,
EC2.4, EC2.6, S3.5, and SSM.3. Updated the title of ACM.1 and changed the value of the | July 29, 2020 |
Added the | July 1, 2020 | |
New | Added the | July 1, 2020 |
Added the | July 1, 2020 | |
Automatically resolve findings when | For findings from controls, if | June 24, 2020 |
AWS Command Line Interface examples | Added AWS CLI syntax and examples for several Security Hub tasks. Includes enabling Security Hub, managing insights, managing standards and controls, managing product integrations, and disabling Security Hub. | June 24, 2020 |
Added the | May 20, 2020 | |
New | Added the | May 20, 2020 |
Added the new AWS Foundational Security Best Practices standard, which is a set of controls that detect when your deployed accounts and resources deviate from security best practices. | April 22, 2020 | |
New console option to update the workflow status for a finding | Added information for using the Security Hub console or API to set the workflow status for findings. | April 16, 2020 |
New | Added information on using | April 16, 2020 |
Added several new resource types. Added a new | March 12, 2020 | |
Updated to reflect the changes to the Integrations page. For each integration, the page now shows the integration category and whether each integration sends findings to or receives findings from Security Hub. It also provides the specific steps required to enable each integration. | February 26, 2020 | |
Added the following new product integrations: Cloud Custodian, FireEye Helix, Forcepoint CASB, Forcepoint DLP, Forcepoint NGFW, Rackspace Cloud Native Security, and Vectra.ai Cognito Detect. | February 21, 2020 | |
New security standard for the Payment Card Industry Data Security Standard (PCI DSS) | Added the Security Hub security standard for the Payment Card Industry Data Security Standard (PCI DSS). When this standard is enabled, Security Hub performs automated checks against controls related to PCI DSS requirements. | February 13, 2020 |
Added a field for related requirements for standards controls. Added new resource types and new resource details. The ASFF also now allows you to provide up to 32 resources. | February 5, 2020 | |
New option to disable individual security standard controls | Added information on how to control whether each individual security standard control is enabled. | January 15, 2020 |
Updates to Security Hub concepts | Updated some descriptions and added new terms to Security Hub concepts. | September 21, 2019 |
AWS Security Hub general availability release | Content updates to reflect improvements made to Security Hub during the preview period. | June 25, 2019 |
Added remediation steps for CIS AWS Foundations checks | Added remediation steps to Security Standards Supported in AWS Security Hub. | April 15, 2019 |
Preview release of AWS Security Hub | Published the preview release version of the AWS Security Hub User Guide. | November 18, 2018 |