Revisions - AWS Security Hub Automated Response and Remediation

Revisions

Date Change
August 2020 Initial release
October 2020 Added additional troubleshooting information to Appendix C
November 2020 Added deployment instructions for China regions; updated solution deployment instructions for the Security Hub admin account; for more information, refer to the CHANGELOG.md file in the GitHub repository
April 2021 Release v1.2.0: Added new playbook architecture and new AFSBP remediations. For more information, refer to the CHANGELOG.md file in the GitHub repository
May 2021 Release v1.2.1: Bugfix for an issue affecting EC2.2 and EC2.7. For more information, refer to the CHANGELOG.md file in the GitHub repository
August 2021 Release v1.3.0: Added PCI DSS v3.2.1 Playbook. Added 17 new remediations to CIS v1.2.0. Added four new remediations to AFSBP. Converted CIS to use new playbook architecture based on SSM runbooks. Added instructions to extend existing Playbooks with customer-defined remediations. For more information, refer to the CHANGELOG.md file in the GitHub repository
September 2021 Release v1.3.1: CreateLogMetricFilterAndAlarm.py changed to make Actions active, add SNS notification to SO0111-SHARR-LocalAlarmNotification. Changed CIS 2.8 remediation to match new finding data format. For more information, refer to the CHANGELOG.md file in the GitHub repository
November 2021 Release v1.3.2: Bug fixes for CIS v1.2.0 controls 3.1 - 3.14. For more information, refer to the CHANGELOG.md file in the GitHub repository
December 2021 Release v1.4.0: The solution can now be deployed using StackSets. Cross-Region remediation is now supported in addition to cross-account. Member account IAM roles are now retained when the stack is removed. For more information, refer to the CHANGELOG.md file in the GitHub repository
January 2022 Release v1.4.1: Bug fixes. For more information, refer to the CHANGELOG.md file in the GitHub repository
January 2022 Release v1.4.2: Bug fixes. For more information, refer to the CHANGELOG.md file in the GitHub repository