© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Hands-on with AWS Security Hub
Agenda
Security Hub Overview
Inbound Integrations
Outbound Integrations – Taking action
Workshop details
Security and Compliance Challenges
Backlog of Compliance requirements
Complexity
Signal to Noise Ratio
Lack of an Integrated View
Security Hub overview
Partner integrations
Firewalls
Vulnerability
SOAR
SIEM
Endpoint
Compliance
MSSP
Other
Partner integrations – into Security Hub
AWS Security Hub Customer Account
Partner Account
You can create your own findings
AWS Security Hub
Setup and multi-account
Security and Compliance checks
Findings
Insights
AWS Security Hub Information Flows
[Diagram labels: Findings; Security Checks; Investigations; Remediation Actions; Taking Action Partners; "And more to come…"; "Plus dozens of others…"; "Plus many others…"]
Taking action with Security Hub
AWS Security Hub Amazon CloudWatch Events
Taking action on all findings
Event pattern examples
```json
{
  "source": [
    "aws.securityhub"
  ],
  "detail-type": [
    "Security Hub Findings - Imported"
  ],
  "detail": {
    "findings": {
      "Resources": {
        "Tags": {
          "Environment": [
            "PCI"
          ]
        }
      }
    }
  }
}
```
Filter by tags
Event pattern examples
```json
{
  "source": [
    "aws.securityhub"
  ],
  "detail-type": [
    "Security Hub Findings - Imported"
  ],
  "detail": {
    "findings": {
      "Severity": {
        "Normalized": [
          {
            "numeric": [
              ">=",
              90
            ]
          }
        ]
      }
    }
  }
}
```
Filter by severity
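The tag and severity patterns above can be checked locally against sample events before a rule is deployed. This is an added example, not part of the original slides: a simplified matcher (exact values and numeric comparisons only, not the full event pattern language) run on constructed events. The function names and sample event values are assumptions.

```python
import operator

# Comparison operators used by the "numeric" matcher in the severity pattern.
OPS = {"<": operator.lt, "<=": operator.le, "=": operator.eq,
       ">": operator.gt, ">=": operator.ge}

def leaf_matches(allowed, value):
    """True if value satisfies any entry of a pattern's leaf array."""
    for entry in allowed:
        if isinstance(entry, dict) and "numeric" in entry:
            spec = entry["numeric"]  # [op, bound, op, bound, ...]
            if isinstance(value, (int, float)) and all(
                    OPS[spec[i]](value, spec[i + 1])
                    for i in range(0, len(spec), 2)):
                return True
        elif entry == value:
            return True
    return False

def matches(pattern, event):
    """Simplified check (assumption: exact and numeric matching only)."""
    if isinstance(event, list):      # any array element may satisfy the pattern
        return any(matches(pattern, item) for item in event)
    if isinstance(pattern, list):    # leaf: list of allowed values or matchers
        return leaf_matches(pattern, event)
    return isinstance(event, dict) and all(
        key in event and matches(sub, event[key]) for key, sub in pattern.items())

HEAD = {"source": ["aws.securityhub"],
        "detail-type": ["Security Hub Findings - Imported"]}
TAG_PATTERN = {**HEAD, "detail": {"findings": {
    "Resources": {"Tags": {"Environment": ["PCI"]}}}}}
SEVERITY_PATTERN = {**HEAD, "detail": {"findings": {
    "Severity": {"Normalized": [{"numeric": [">=", 90]}]}}}}

def sample_event(normalized, environment):
    """Constructed event in the shape Security Hub sends (sample values)."""
    return {"source": "aws.securityhub",
            "detail-type": "Security Hub Findings - Imported",
            "detail": {"findings": [{
                "Severity": {"Normalized": normalized},
                "Resources": [{"Type": "AwsEc2Instance",
                               "Tags": {"Environment": environment}}]}]}}

if __name__ == "__main__":
    for ev in (sample_event(90, "PCI"), sample_event(40, "Dev")):
        print(matches(TAG_PATTERN, ev), matches(SEVERITY_PATTERN, ev))
```

In the event, `findings` and `Resources` are arrays while the patterns address them as plain objects, so the matcher accepts a pattern when any array element satisfies it.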
Custom actions in Security Hub
Rule
Event
```json
{
  "source": [
    "aws.securityhub"
  ],
  "detail-type": [
    "Security Hub Findings - Custom Action"
  ],
  "resources": [
    "arn:aws:securityhub:us-west-2:xxxxxxxxxxxx:action/custom/send_to_email"
  ]
}
```
Custom actions in Security Hub
[Diagram labels: Rule; Event; Run command]
High level view of the workshop
✓ Tour of Security Hub
✓ Create custom insights and custom findings
✓ Implement custom actions and remediation
✓ Implement finding enrichment and notification
Tour Security Hub
Guide on key features of Security Hub
Create custom insights and custom findings
Identify non-compliant instances via AWS Config Rules, create and visualize findings in Security Hub.
Implement custom actions and remediation
Custom Lambda function to isolate an EC2 instance
Deploy remediation playbooks for CIS Benchmarks
Implement finding enrichment and notification
Post Security Hub findings into a Slack
Custom action to add EC2 Tags to finding notes
Have Fun
Ask Questions
Workshop Guide
https://github.com/aws-samples/aws-security-hub-workshop/blob/master/docs/index.md