Security Hub Flashcards
Security hub
What is Security Hub?
Single location for management and remediation of security
Security hub
How do you turn it on?
Enable per-region (so enable it in all regions)
Security hub
I turned on Security Hub. Why isn’t it flagging all my bad stuff?
It isn’t retroactive – it works only from the point it was enabled forward.
Security hub
How does Security Hub decide what is an issue?
Compares your AWS account setup with industry standards like PCI
Security hub
How do you get issues out of Security Hub?
Interactively in the AWS console or via EventBridge events
Security hub
Where does Security Hub get its raw data to look at?
Lots of AWS services and 3rd party services
Security hub
Examples of some AWS services?
Macie, Inspector, IAM
Security hub
What’s the structure of findings that Security Hub produces?
ASFF: AWS Security Findings Format
Security hub
Why is this structure so important?
Single structure across findings from all the other AWS and 3rd party products
Multi-Account
How does Security Hub work with multiple AWS accounts?
Account invites other accounts to join. Admin and Member accounts.
Multi-Account
How do Security Hub accounts overlap with AWS Organizations accounts?
They don’t. Totally separate structure.
Multi-Account
How does Security Hub work across regions?
It’s regional, but can aggregate across regions