When enabling the Security Hub service, you were presented with several security standards that can be used to run checks against your environment. At the time of publishing, the security standards built into the Security Hub service are the ones listed in Table 6.2.
Security standards allow you to focus on a specific compliance framework when viewing the results in AWS Security Hub. For example, the Payment Card Industry Data Security Standard (PCI-DSS) standard delivers a collection of AWS security best practices for handling cardholder data. The NIST Special Publication 800-53 Revision 5 standard, developed by the National Institute of Standards and Technology, is a set of best practices that helps your organization protect the availability, confidentiality, and integrity of its information systems and critical resources.
Each of the security standards has a corresponding set of security controls. The number of controls varies widely by security standard, as you can see in Table 6.2:
Security standard | Control count
--- | ---
AWS Foundational Security Best Practices | 197
CIS AWS Foundations Benchmark v1.2.0 | 43
CIS AWS Foundations Benchmark v1.4.0 | 39
NIST Special Publication 800-53 Rev 5 | 216
PCI-DSS v3.2.1 | 45
Table 6.2: The number of security controls in each security standard
Once you have a control enabled, AWS will run security checks to confirm whether your resources comply with the rules included in the particular control.
AWS Security Hub runs most of its security checks as AWS Config rules, so AWS Config must be enabled and recording the relevant resource types in every account and Region where you want the checks to run; a control whose resource type is not being recorded is simply never evaluated. Because they are Config rules, the checks are evaluated either on a periodic schedule or when a recorded resource changes, and each control documents which of the two schedule types it uses.
As the security checks are run, Security Hub turns each check result into a finding and uses the findings to calculate a security score for each enabled standard, which is essentially the percentage of that standard's enabled controls whose checks are passing.
As Security Hub gathers findings about your accounts, it filters and groups them. A collection of related findings that warrants attention and remediation is presented to you as an insight; insights help you see which resources, accounts, or controls generate the most findings and work toward the actual root cause.
Figure 6.17: An AWS-generated graph of insights
Inside the insights feature of Security Hub, interactive graphs are built on the fly for you, so you can drill down from a grouped result to the individual findings behind it.
Security Hub features two types of insights, managed insights and custom insights, which are described next.
Note
You cannot modify or delete the managed insights provided by the AWS Security Hub service.
Managed Insights
Managed insights in Security Hub only return results if you have enabled the corresponding product integration or security standard that can produce matching findings.
Some examples of managed insights are as follows:
Custom insights
If you want to create your own custom insight, you can do so from the Security Hub console, through the Security Hub API (the CreateInsight operation), the AWS CLI, or the AWS Tools for PowerShell.
You need to choose a grouping attribute, such as the product name or the resource ID, and then add any filters that narrow down which findings the insight displays.
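The following is an added example, not code from the book or from AWS, that shows what an insight does to findings: it applies the filters (keys ANDed; values within one key ORed, except NOT_EQUALS clauses, which must all hold), then counts the matching findings per value of the grouping attribute. The same request dictionary is what the CreateInsight API accepts. The sample findings are constructed in a trimmed ASFF shape, the insight name and filters are illustrative, and the region is a hypothetical default.

```python
"""Added example (not from the book): how a Security Hub insight filters and
groups findings, and how to hand the same filters to the CreateInsight API.
All findings, names and filters below are constructed for illustration."""
from collections import Counter

FSBP = "aws-foundational-security-best-practices/v/1.0.0/"

# Constructed sample findings in a trimmed ASFF shape (not real account data).
SAMPLE_FINDINGS = [
    {"GeneratorId": FSBP + "S3.1", "Compliance": {"Status": "FAILED"}, "RecordState": "ACTIVE",
     "Workflow": {"Status": "NEW"}, "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::bucket-a"}]},
    {"GeneratorId": FSBP + "S3.1", "Compliance": {"Status": "FAILED"}, "RecordState": "ACTIVE",
     "Workflow": {"Status": "NEW"}, "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::bucket-b"}]},
    {"GeneratorId": FSBP + "S3.1", "Compliance": {"Status": "PASSED"}, "RecordState": "ACTIVE",
     "Workflow": {"Status": "RESOLVED"}, "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::bucket-c"}]},
    {"GeneratorId": FSBP + "IAM.1", "Compliance": {"Status": "FAILED"}, "RecordState": "ACTIVE",
     "Workflow": {"Status": "SUPPRESSED"}, "Resources": [{"Type": "AwsIamUser", "Id": "user-x"}]},
    {"GeneratorId": FSBP + "IAM.1", "Compliance": {"Status": "FAILED"}, "RecordState": "ARCHIVED",
     "Workflow": {"Status": "NEW"}, "Resources": [{"Type": "AwsIamUser", "Id": "user-y"}]},
    {"GeneratorId": FSBP + "IAM.1", "Compliance": {"Status": "FAILED"}, "RecordState": "ACTIVE",
     "Workflow": {"Status": "NEW"}, "Resources": [{"Type": "AwsIamUser", "Id": "user-z"}]},
    # A non-control finding (GuardDuty style) has no Compliance block at all.
    {"GeneratorId": "guardduty-detector-hypothetical", "RecordState": "ACTIVE",
     "Workflow": {"Status": "NEW"}, "Resources": [{"Type": "AwsEc2Instance", "Id": "i-0123"}]},
]

# Filter/group-by keys as used by the Security Hub API, mapped to the ASFF field path.
FIELD_PATHS = {
    "GeneratorId": ("GeneratorId",),
    "ComplianceStatus": ("Compliance", "Status"),
    "RecordState": ("RecordState",),
    "WorkflowStatus": ("Workflow", "Status"),
    "ResourceType": ("Resources", 0, "Type"),
    "ResourceId": ("Resources", 0, "Id"),
}


def _field(finding, key):
    """Walk the ASFF path for an API key; None when the finding lacks the field."""
    value = finding
    try:
        for step in FIELD_PATHS[key]:
            value = value[step]
    except (KeyError, IndexError, TypeError):
        return None
    return value


def _clause_matches(value, clause):
    comparison = clause["Comparison"]
    if comparison == "EQUALS":
        return value == clause["Value"]
    if comparison == "PREFIX":
        return isinstance(value, str) and value.startswith(clause["Value"])
    if comparison == "NOT_EQUALS":
        return value != clause["Value"]
    raise ValueError(f"unsupported comparison {comparison}")


def matches(finding, filters):
    """Filter keys are ANDed; within a key, EQUALS/PREFIX clauses are ORed and
    NOT_EQUALS clauses must all hold (simplified Security Hub semantics)."""
    for key, clauses in filters.items():
        value = _field(finding, key)
        positive = [c for c in clauses if c["Comparison"] != "NOT_EQUALS"]
        negative = [c for c in clauses if c["Comparison"] == "NOT_EQUALS"]
        if positive and not any(_clause_matches(value, c) for c in positive):
            return False
        if not all(_clause_matches(value, c) for c in negative):
            return False
    return True


def group_findings(findings, group_by, filters):
    """Return {grouping value: count of matching findings}, as an insight shows it."""
    return dict(Counter(_field(f, group_by) for f in findings if matches(f, filters)))


# Illustrative insight: active, unsuppressed failed FSBP controls.
EXAMPLE_FILTERS = {
    "GeneratorId": [{"Value": FSBP, "Comparison": "PREFIX"}],
    "ComplianceStatus": [{"Value": "FAILED", "Comparison": "EQUALS"}],
    "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
    "WorkflowStatus": [{"Value": "SUPPRESSED", "Comparison": "NOT_EQUALS"}],
}


def build_insight_request(name, group_by, filters):
    """The keyword arguments CreateInsight takes (Name, Filters, GroupByAttribute)."""
    if group_by not in FIELD_PATHS:
        raise ValueError(f"unsupported GroupByAttribute {group_by}")
    return {"Name": name, "Filters": filters, "GroupByAttribute": group_by}


def create_insight(name, group_by, filters, region="us-east-1"):
    """Create the insight for real; needs boto3 and credentials (region is assumed)."""
    import boto3  # imported here so the rest of the module runs offline
    client = boto3.client("securityhub", region_name=region)
    return client.create_insight(**build_insight_request(name, group_by, filters))["InsightArn"]


if __name__ == "__main__":
    for key, count in group_findings(SAMPLE_FINDINGS, "GeneratorId", EXAMPLE_FILTERS).items():
        print(f"{count:3d}  {key}")
```

Run as a script it prints the per-control counts for the constructed findings; call create_insight("Failed FSBP controls by control", "GeneratorId", EXAMPLE_FILTERS) from an authenticated session to register the same insight in Security Hub. Note that the suppressed and archived findings are excluded, which is the usual reason an insight's count differs from a raw findings search.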
Having understood the basics of the insights provided by Security Hub, let’s now take a look at how a real-world example would be shown in AWS Security Hub.