AWS Security Hub
User Guide

What Is AWS Security Hub?

Important

Currently, AWS Security Hub is in Preview release.

AWS Security Hub provides you with a comprehensive view of your security state within AWS and helps you check your compliance with the security industry standards and best practices. Security Hub collects security data from across AWS accounts, services, and supported third-party partners and helps you analyze your security trends and identify the highest priority security issues.

When you enable Security Hub, it immediately begins consuming, aggregating, organizing, and prioritizing findings from AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, and from AWS partner security solutions. Security Hub also generates its own findings as the result of running automated and continuous compliance checks using AWS best practices and supported industry standards (in this release, CIS AWS Foundations). Security Hub then correlates findings across providers to help you prioritize the most significant ones and consolidates these findings into actionable graphs and tables.

Security Hub also allows you to create insights - collections of related findings defined by an aggregation statement and optional filters. An insight identifies a security area that requires attention. Security Hub comes with several managed (default insights) and, in addition, you can create your own custom insights.

Important

Security Hub only detects and consolidates those security findings from the supported AWS and partner services that are generated after Security Hub is enabled in your AWS accounts. It does not retroactively detect and consolidate historical security findings that were generated before Security Hub was enabled.

Benefits of Security Hub

  • Security Hub reduces the effort of collecting and prioritizing security findings across accounts, from AWS services, and AWS partner tools. The service ingests data using a standard findings format, eliminating the need for time-consuming data conversion efforts. It then correlates findings across providers to prioritize the most important findings.

  • With Security Hub, you can run automated, continuous account-level configuration and compliance checks based on industry standards and best practices, such as the Center for Internet Security (CIS) AWS Foundations. These checks provide a compliance score and identify specific accounts and resources that require attention.

  • Your security findings across accounts are brought together on integrated dashboards that show you the current security and compliance status. You can easily spot trends, identify potential issues, and take the necessary remediation steps.

  • You can build customized actions and send findings to ticketing, chat, email, or automated remediation systems using integration with Amazon CloudWatch Events.

Accessing Security Hub

You can work with Security Hub in any of the following ways:

Security Hub Console

Sign in to the AWS Management Console and open the Security Hub console at https://console.aws.amazon.com/securityhub/.

Security Hub HTTPS API

You can access Security Hub and AWS programmatically by using the Security Hub HTTPS API, which lets you issue HTTPS requests directly to the service. For more information, see the AWS Security Hub API Reference.