AWS Security Hub Integrations
Introduction
The AWS Security Hub integration collects and parses data from AWS Security Hub REST APIs.
Assumptions
The procedures described in Section 3 assumes that a Log Collector has already been setup.
Compatibility
-
This module is tested against AWS Security Hub API version 1.0.
Requirements
To collect data from AWS Security Hub APIs, users must have an Access Key and a Secret Key. To create API token follow below steps:
-
Login to https://console.aws.amazon.com/.
-
Go to https://console.aws.amazon.com/iam/ to access the IAM console.
-
On the navigation menu, choose Users.
-
Choose your IAM user name.
-
Select Create access key from the Security Credentials tab.
-
To see the new access key, choose Show.
Note:
-
For the current integration package, it is recommended to have interval in hours.
-
For the current integration package, it is compulsory to add Secret Access Key and Access Key ID.
Logs:
-
Findings - This is the securityhub_findings data stream.
-
Insights - This is the securityhub_insights data stream.
AWS Security Hub Integration Procedures
Please provide the following information to CyTech:
Collect AWS Security Hub logs via API
-
AWS Region - AWS Region.
Collect AWS Security Hub Insights from AWS
-
AWS Region - AWS Region.
No Comments