AWS Security Hub
User Guide

Managed Insights

Important

You can't edit or delete Security Hub managed insights.

In the current release, AWS Security Hub offers the following managed (default) insights:

  • AWS resources with the most findings

  • Amazon S3 buckets with sensitive data and public read permissions

  • Resources that have a vulnerability or configuration issue and are involved in potential malicious behavior

  • Amazon EC2 instances with vulnerabilities and open to the internet

  • Amazon Machine Images (AMIs) that are generating the most findings

  • AWS resources that don't meet security standards or best practices

  • AWS resources associated with potential data exfiltration

  • AWS resources associated with unauthorized resource consumption

  • AWS users with the most suspicious activity

  • S3 buckets with public write or read permissions

  • S3 buckets that don't meet security standards or best practices

  • S3 buckets with sensitive data

  • Credentials that might have leaked

  • EC2 instances that allow password authentication on SSH and SSH ports and are open to the internet

  • EC2 instances involved in known Tactics, Techniques, and Procedures (TTPs)

  • EC2 instances that have missing security patches for important vulnerabilities

  • EC2 instances with general unusual behavior

  • EC2 instances that have ports accessible from the internet

  • EC2 instances that don't meet security standards or best practices

  • EC2 instances with anonymized connections

  • EC2 instances that are open to the internet

  • EC2 instances associated with adversary reconnaissance

  • AWS resources associated with malware

  • AWS resources associated with cryptocurrency issues

  • AWS resources with unauthorized access attempts

  • Threat intel indicators with the most hits in the last week