Enabling AWS Security Hub – Event Management with Security Hub and GuardDuty – SCS-C02 Study Guide

Enabling AWS Security Hub

AWS Security Hub can be enabled from the AWS Management Console. However, because Security Hub needs the AWS Config service to be enabled (and prefers to have it fully enabled, watching all resources), this walk-through also sets up AWS Config via CloudFormation, all from the Management Console:

  1. Go to https://console.aws.amazon.com/securityhub/ to access the AWS Security Hub main page.
  2. Click on the orange button labeled Go to Security Hub to start the process of enabling Security Hub.
  3. You should be brought to a page labeled Enable AWS Security Hub. In the first section labeled Enable AWS Config, click on the Download button to download the CloudFormation script to quickly set up a full version of the AWS Config service for Security Hub. The file should be named EnableAWSConfig.yml.
  4. In a new tab, go to https://console.aws.amazon.com/cloudformation/ to open the CloudFormation main page. Make sure that, at the top of the screen, you can see you are in the same region where you want to initiate your Security Hub instance. Click on the orange Create stack button.
  5. On the Create stack page, move to the second section, Specify template, and select the radio button labeled Upload a file. Then, click on the button marked Choose a file. Find the EnableAWSConfig.yml file you just downloaded, and then click Open.

Figure 6.13: The template selection screen for Security Hub

  6. Click the orange Next button at the bottom of the page.
  7. You should now be on the Specify stack details page. Enter enable-config1 as the stack name (note that you cannot have a space in a CloudFormation stack name). Leave all other items as default, since the main interest is the Security Hub service with this exercise. Scroll down to the bottom of the page and click on the orange Next button.

Figure 6.14: The stack name for Security Hub

  8. On the Configure stack options page, scroll down to the bottom and click the orange Next button.
  9. On Review Enable-Config, scroll down to the bottom of the page. Click on the blue checkbox acknowledging that this template might create IAM resources, and then click the final orange Submit button to create the stack.

Figure 6.15: The acknowledgement screen for Security Hub

  10. Once the AWS Config Recorder is up and running, return to the tab where you set up the Security Hub service.
  11. Back on the Security Hub page, focus on the box labeled Security standards. These are the checks that you want the service to review, notifying you where your security posture is lacking. For this example, enable the following standards:
    1. AWS Foundational Security Best Practices v1.0.0
    2. CIS AWS Foundations Benchmark v1.4.0
    3. NIST Special Publication 800-53 Revision 5

Figure 6.16: The Security standards screen for Security Hub

  12. At this point, click the Enable Security Hub button.

When you initially enable Security Hub, you may see a warning message, stating that it could take up to two hours to see results from the newly enabled security checks.
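To confirm that the walk-through left the account in the expected state, the following added example (not part of the study guide) checks the JSON returned by `aws configservice describe-configuration-recorders`, `aws configservice describe-configuration-recorder-status` and `aws securityhub get-enabled-standards`. The sample data is constructed, and the recorder name `default` and region `us-east-1` are assumptions.

```python
import json

# Standards chosen in the walk-through, keyed by the tail of their standards ARN
# (arn:aws:securityhub:<region>::standards/<name>/v/<version>).
WANTED = (
    "aws-foundational-security-best-practices/v/1.0.0",
    "cis-aws-foundations-benchmark/v/1.4.0",
    "nist-800-53/v/5.0.0",
)

def check_setup(recorders, status, standards):
    """Return a list of problems; an empty list means the setup matches the steps."""
    problems = []
    # Map recorder name -> whether it is currently recording.
    recording = {s["name"]: s.get("recording", False)
                 for s in status.get("ConfigurationRecordersStatus", [])}
    recs = recorders.get("ConfigurationRecorders", [])
    if not recs:
        problems.append("no AWS Config recorder found")
    for rec in recs:
        # Security Hub prefers Config to record all supported resource types.
        if not rec.get("recordingGroup", {}).get("allSupported", False):
            problems.append(f"recorder {rec['name']}: not recording all supported resources")
        if not recording.get(rec["name"], False):
            problems.append(f"recorder {rec['name']}: not currently recording")
    # Map standard name/version -> subscription status (READY, PENDING, FAILED, ...).
    state = {s["StandardsArn"].split("standards/", 1)[-1]: s["StandardsStatus"]
             for s in standards.get("StandardsSubscriptions", [])}
    for name in WANTED:
        if name not in state:
            problems.append(f"standard {name}: not enabled")
        elif state[name] != "READY":
            problems.append(f"standard {name}: status {state[name]}")
    return problems

# Constructed sample output (recorder name and region are assumptions).
ARN = "arn:aws:securityhub:us-east-1::standards/"
SAMPLE_RECORDERS = json.loads('{"ConfigurationRecorders": [{"name": "default", '
                              '"recordingGroup": {"allSupported": true}}]}')
SAMPLE_STATUS = json.loads('{"ConfigurationRecordersStatus": '
                           '[{"name": "default", "recording": true}]}')
SAMPLE_STANDARDS = {"StandardsSubscriptions": [
    {"StandardsArn": ARN + WANTED[0], "StandardsStatus": "READY"},
    {"StandardsArn": ARN + WANTED[1], "StandardsStatus": "PENDING"},
]}

if __name__ == "__main__":
    for problem in check_setup(SAMPLE_RECORDERS, SAMPLE_STATUS, SAMPLE_STANDARDS):
        print("FAIL", problem)
```

In the constructed sample the CIS standard is still pending and the NIST standard was never selected, so both are reported.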

Having set up Security Hub, you are ready to take a closer look at the security standards and security checks it presents.