AWS Security Hub

Last updated on January 18, 2024

AWS Security Hub Cheat Sheet

  • AWS Security Hub provides a comprehensive view of your security state within AWS and your compliance with security industry standards and best practices.

Features

  • Security Hub gives you a single place that aggregates, organizes, and prioritizes your security alerts, or findings, across multiple accounts, AWS partner tools, and AWS services such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS IAM Access Analyzer, AWS Firewall Manager, and AWS Audit Manager.
  • AWS Security Hub works with AWS Organizations to simplify security posture management across all of your existing and future AWS accounts in an organization.
  • You can run automated, continuous account-level configuration and compliance checks based on industry standards and best practices, such as the Center for Internet Security (CIS) AWS Foundations Benchmark. These checks provide a compliance score and identify specific accounts and resources that require attention.
  • AWS Security Hub compliance checks also use configuration items recorded by AWS Config.
  • Integrated dashboards consolidate your security findings across accounts to show you their current security and compliance status.
  • You can send security findings to ticketing, chat, email, or automated remediation systems through integration with Amazon CloudWatch Events.
  • All findings are stored for at least 90 days within AWS Security Hub.

How It Works

  • Security Hub receives and processes only those findings from the same Region where you enabled Security Hub in your account.

Concepts

  • AWS Security Finding Format – A standardized format for the contents of findings that Security Hub aggregates or generates.
  • Control – A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements. A security standard consists of controls.
  • Custom action – A Security Hub mechanism for sending selected findings to CloudWatch Events.
  • Finding – The observable record of a compliance check or security-related detection.
  • Insight – A collection of related findings defined by an aggregation statement and optional filters. An insight identifies a security area that requires attention and intervention.
  • Compliance standards – Sets of controls that are based on regulatory requirements or best practices.
  • You can disable specific compliance controls that are not relevant to your workloads.
  • Compliance standard vs. Control vs. Compliance check
    • A compliance standard is a collection of controls based on regulatory frameworks or industry best practices. Security Hub runs automated compliance checks against controls. Each compliance check evaluates a rule against a single resource; a single control may involve multiple resources, and a compliance check is performed against each of them.
  • AWS Security Hub uses a service-linked role that includes the permissions and trust policy Security Hub requires to detect and aggregate findings and to configure the AWS Config infrastructure needed to run compliance checks. For Security Hub to run compliance checks in an account, AWS Config must be enabled in that account.
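The Features and Concepts lists above describe the moving parts only in prose. The Python below is an added example, not code from Tutorials Dojo or AWS: over a handful of constructed ASFF-shaped findings it models Region scoping, a per-control compliance score (with a disabled control dropping out), an insight as an aggregation statement plus filters, and the event a custom action hands to CloudWatch Events for a ticketing integration to match. The account id, control ids, resource ARNs and the SendToTicketing action name are placeholders, and the scoring rule is an assumption that mirrors the cheat sheet's description rather than the service's exact formula; the `source`, `detail-type` and `action/custom/` ARN shape are the real ones an EventBridge rule matches on.

```python
"""Toy model of Security Hub-style finding processing. Added example, not code
from Tutorials Dojo or AWS. Findings are constructed and carry only a few AWS
Security Finding Format (ASFF) fields; account id, control ids and ARNs are
placeholders; the scoring rule is an assumption, not the service's formula."""
from collections import Counter

ACCOUNT = "111111111111"  # constructed account id

def mk(fid, region, ctrl, sev, status, rtype, rid, record="ACTIVE"):
    """Build one ASFF-shaped record. status=None models a detection (e.g. from
    GuardDuty) that carries no Compliance block at all."""
    f = {"Id": fid, "AwsAccountId": ACCOUNT, "Region": region, "GeneratorId": ctrl,
         "Severity": {"Label": sev}, "Compliance": {"Status": status},
         "Resources": [{"Type": rtype, "Id": rid}],
         "RecordState": record, "Workflow": {"Status": "NEW"}}
    if status is None:
        del f["Compliance"]
    return f

# Constructed sample. CTRL-* are hypothetical control ids, not real CIS numbers.
FINDINGS = [
    mk("f-1", "us-east-1", "example-std/CTRL-1", "HIGH", "FAILED", "AwsS3Bucket", "arn:aws:s3:::example-a"),
    mk("f-2", "us-east-1", "example-std/CTRL-1", "INFORMATIONAL", "PASSED", "AwsS3Bucket", "arn:aws:s3:::example-b"),
    mk("f-3", "us-east-1", "example-std/CTRL-2", "INFORMATIONAL", "PASSED", "AwsIamUser", f"arn:aws:iam::{ACCOUNT}:user/example"),
    mk("f-4", "us-east-1", "example-std/CTRL-3", "LOW", "FAILED", "AwsEc2Volume", "vol-example", record="ARCHIVED"),
    mk("f-5", "us-east-1", "example-detector", "HIGH", None, "AwsEc2Instance", "i-example"),
    mk("f-6", "eu-west-1", "example-std/CTRL-2", "MEDIUM", "FAILED", "AwsIamUser", f"arn:aws:iam::{ACCOUNT}:user/other"),
]

def in_region(finding, region):
    """Security Hub processes only findings from the Region where it is enabled."""
    return finding["Region"] == region

def field_values(obj, path):
    """Resolve a dotted ASFF path such as 'Resources.Type'; list-valued fields fan out."""
    values = [obj]
    for part in path.split("."):
        nxt = []
        for v in values:
            if isinstance(v, list):
                nxt.extend(i[part] for i in v if isinstance(i, dict) and part in i)
            elif isinstance(v, dict) and part in v:
                nxt.append(v[part])
        values = nxt
    return values

def compliance_score(findings, disabled_controls=frozenset()):
    """Roll ACTIVE PASSED/FAILED checks up per control: a control fails if any of
    its resources failed. Returns (passed, evaluated, percent). Disabled controls
    drop out, as the cheat sheet says they can be switched off per workload."""
    status = {}
    for f in findings:
        ctrl, st = f["GeneratorId"], field_values(f, "Compliance.Status")
        if f["RecordState"] != "ACTIVE" or ctrl in disabled_controls or st not in (["PASSED"], ["FAILED"]):
            continue  # archived records, disabled controls and non-compliance detections are not scored
        status[ctrl] = "FAILED" if st == ["FAILED"] else status.get(ctrl, "PASSED")
    passed = sum(1 for s in status.values() if s == "PASSED")
    evaluated = len(status)
    return passed, evaluated, round(100 * passed / evaluated, 1) if evaluated else 0.0

def insight(findings, group_by, filters):
    """An insight = aggregation statement (group_by) plus exact-match filters."""
    matched = [f for f in findings
               if all(want in field_values(f, path) for path, want in filters.items())]
    return Counter(v for f in matched for v in field_values(f, group_by))

# Custom action: selected findings are wrapped in this event. Action name is a placeholder.
CUSTOM_ACTION_ARN = f"arn:aws:securityhub:us-east-1:{ACCOUNT}:action/custom/SendToTicketing"

def custom_action_event(findings, action_arn, action_name="SendToTicketing"):
    return {"source": "aws.securityhub",
            "detail-type": "Security Hub Findings - Custom Action",
            "resources": [action_arn],
            "detail": {"actionName": action_name, "findings": list(findings)}}

# The rule a ticketing integration subscribes with; only the ARN is account-specific.
TICKETING_RULE = {"source": ["aws.securityhub"],
                  "detail-type": ["Security Hub Findings - Custom Action"],
                  "resources": [CUSTOM_ACTION_ARN]}

def matches_rule(event, pattern):
    """Minimal EventBridge-style matching: every pattern key must be satisfied by
    one of its listed values; a list-valued event field matches if any element does."""
    for key, allowed in pattern.items():
        value = event.get(key)
        values = value if isinstance(value, list) else [value]
        if not any(v in allowed for v in values):
            return False
    return True

if __name__ == "__main__":
    processed = [f for f in FINDINGS if in_region(f, "us-east-1")]  # f-6 is dropped
    print("score:", compliance_score(processed))
    print("score without CTRL-1:", compliance_score(processed, {"example-std/CTRL-1"}))
    print("HIGH by resource type:", insight(processed, "Resources.Type", {"Severity.Label": "HIGH", "RecordState": "ACTIVE"}))
    print("routed to ticketing:", matches_rule(custom_action_event([processed[0]], CUSTOM_ACTION_ARN), TICKETING_RULE))
```

Two details worth noticing when running it: the archived finding and the GuardDuty-style detection are counted by the insight but never by the score, which is why scoring and searching are separate functions, and the eu-west-1 finding is invisible to everything until the Region filter is removed, matching the How It Works bullet.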

AWS Security Hub Pricing

  • AWS Security Hub is priced based on the quantity of compliance checks and the quantity of finding ingestion events.
  • Pricing is monthly, per account and per Region.

Note: If you are studying for the AWS Certified Security Specialty exam, we highly recommend that you take our AWS Certified Security – Specialty Practice Exams and read our Security Specialty exam study guide.

AWS Security Hub Cheat Sheet References:

https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-aws-security-hub/
https://aws.amazon.com/security-hub/
https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html
https://aws.amazon.com/security-hub/faqs/

Written by: Jon Bonso

Jon Bonso is the co-founder of Tutorials Dojo, an EdTech startup and an AWS Digital Training Partner that provides high-quality educational materials in the cloud computing space. He graduated from Mapúa Institute of Technology in 2007 with a bachelor's degree in Information Technology. Jon holds 10 AWS Certifications and is also an active AWS Community Builder since 2020.