AWS Security Hub

Version: AWS and NetsurionAWSIntegrator v2.0.2 or above.

AWS Security Hub is a cloud security posture service that automates security checks and brings security alerts into a central location.

Netsurion Open XDR manages logs retrieved from AWS Security Hub. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in AWS Security Hub.

The following are the key assets included with this Data Source Integration.

Alerts

| Type | Name | Description |
| --- | --- | --- |
| Security | AWS Security Hub – Critical findings | Generated whenever critical and high severity findings are captured by AWS Security Hub. |
| Security | AWS Security Hub – Configuration manipulation detected | Generated whenever sensitive configuration(s) related to AWS Security Hub are changed. |

Reports

| Type | Name | Description |
| --- | --- | --- |
| Security | AWS Security Hub – All findings | Provides information about all security findings generated by AWS Security Hub. |
| Compliance | AWS Security Hub – Activity overview | Provides details about all console level activities related to AWS Security Hub. |

Dashboards

| Type | Name | Description |
| --- | --- | --- |
| Security | AWS Security Hub – Critical severity findings | Displays all critical findings based on their names. |
| Security | AWS Security Hub – High severity findings | Displays all high severity findings based on their names. |
| Security | AWS Security Hub – Medium severity findings | Displays all medium severity findings based on their names. |
| Security | AWS Security Hub – Configuration modification detected | Displays information about configuration modifications based on actions. |
| Security | AWS Security Hub – Resources configured | Displays the integration of partner products or AWS services. |

Saved Searches

| Type | Name | Description |
| --- | --- | --- |
| Security | AWS Security Hub – All findings | Provides information about all security findings generated by AWS Security Hub. |
| Compliance | AWS Security Hub – Activity overview | Provides details about all console level activities related to AWS Security Hub. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and AWS Security Hub.

Download the Integration Guide for configuration instructions and more information.