AWS Security Hub
User Guide

AWS Security Hub Terminology and Concepts

Important

Currently, AWS Security Hub is in Preview release.

As you get started with Security Hub, you can benefit from learning about its key concepts.

Account

A standard Amazon Web Services (AWS) account that contains your AWS resources. You can sign in to AWS with your account and enable Security Hub.

You can also invite other accounts to enable Security Hub and become associated with your account in Security Hub. If your invitations are accepted, your account is designated as the master Security Hub account, and the added accounts become your member accounts. You can then view those accounts' findings.

An account can't be a Security Hub master and member account at the same time. An account can accept only one membership invitation. Accepting a membership invitation is optional.

For more information, see Managing AWS Accounts in AWS Security Hub.

AWS Security Finding

A consistent format for the contents of findings that Security Hub aggregates or generates. AWS Security Finding format enables you to use Security Hub to view and analyze findings that are generated by AWS security services, by third-party solutions, or by Security Hub itself as the result of running security compliance checks. For more information, see AWS Security Finding Format.

Finding

A potential security issue processed by Security Hub. Security Hub consumes, aggregates, organizes, and prioritizes findings from the supported AWS and third-party services. It also generates its own findings as the result of running continuous and automated configuration checks against the rules in the supported AWS and industry best practices and standards (in this release, CIS AWS Foundations). Security Hub processes all findings using a standard format called AWS Security Finding. For more information, see Findings in AWS Security Hub.

Insight

A collection of related findings defined by an aggregation statement and optional filters. An insight identifies a security area that requires attention and intervention. Security Hub offers several managed (default) insights that you can't modify. You can also create custom Security Hub insights to track security issues that are unique to your AWS environment and usage. For more information, see Insights in AWS Security Hub.

Standard

A predefined collection of rules based on the AWS and security industry best practices. In this release, Security Hub supports the CIS AWS Foundations standard. A rule is a specific compliance control or best practice. After Security Hub is enabled, it immediately begins running continuous and automated checks on your environment's resources against the rules included in the supported and enabled standards. For more information, see Standards Supported in AWS Security Hub: CIS AWS Foundations.