Guides

AWS Security Hub integration

This feature is only available for bucketAV for Amazon S3!

AWS Security Hub is a central place to manage security and compliance across an AWS environment. It aggregates, organizes, and prioritizes security alerts and findings from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from third-party security solutions, such as bucketAV.

By integrating bucketAV’s malware scan results into AWS Security Hub, security teams can have a comprehensive view of the security posture of their AWS environment and quickly identify and respond to malware incidents. This helps organizations to reduce the risk of data breaches and to comply with various security and privacy regulations.

AWS Security Hub findings

Setup

You must enable AWS Security Hub for this Add-On to work!

Install Add-On (requires a running bucketAV installation)

  1. Set the Stack name to bucketav-security-hub.
  2. Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed the docs, the name is bucketav).
  3. Select I acknowledge that AWS CloudFormation might create IAM resources.
  4. Click on the Create stack button to save.
Not available. Please contact us if you have a use case for it!

Run Lambda in a VPC

By default, the add-on deploys Lambda functions with access to the Internet. In case you want to deploy the Lambda functions into a VPC, configure the LambdaVpc and LambdaSubnets parameters.

The add-on requires access to the following endpoints (replace REGION with the AWS region like eu-west-1):

https://securityhub.REGION.amazonaws.com

Ensure that the subnets configured in the LambdaSubnets parameter have access to these endpoints via a NAT Gateway or VPC Endpoints.

CloudFormation snippet

# [...]
Resources:
  # [...]
  SecurityHub:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        BucketAVStackName: 'bucketav' # if you followed the docs, the name is bucketav
      TemplateURL: 'https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.12.0/bucketav-add-on-security-hub.yaml'
Not available. Please contact us if you have a use case for it!

Terraform snippet

resource "aws_cloudformation_stack" "bucketav_add_on_security_hub" {
  name         = "bucketav-security-hub"
  template_url = "https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.12.0/bucketav-add-on-security-hub.yaml"
  capabilities = ["CAPABILITY_IAM"]
  parameters = {
    BucketAVStackName = "bucketav" # if you followed the docs, the name is bucketav
  }
}
Not available. Please contact us if you have a use case for it!

Update

Which version am I using?

  1. To update this Add-On to version v2.12.0, go to the AWS CloudFormation Management Console.
  2. Double-check the region at the top right.
  3. Search for bucketav-security-hub, otherwise search for the name you specified.
  4. Select the stack and press the Update stack button; press Make a direct update.
  5. Select Replace existing template and set the Amazon S3 URL to https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.12.0/bucketav-add-on-security-hub.yaml Copy
  6. Click on Next.
  7. Scroll to the bottom of the page and click on Next.
  8. Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Next.
  9. Scroll to the bottom of the page and click on Submit.
  10. While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and …
  11. … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
Not available. Please contact us if you have a use case for it!

Architecture

The following AWS services are used:

  • SNS Subscription to connect to the Findings Topic.
  • Lambda Function to report to Security Hub.
  • CloudWatch Alarms to monitor the used AWS services.
  • CloudWatch Logs to store logs.

Release Notes

Subscribe to our Atom feed or newsletter to stay up-to-date! We also publish a machine-readable JSON file.

v2.12.0

Changes:

  • Update Lambda Node.js runtime to version 22

Release date:2025-02-28

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.12.0/bucketav-add-on-security-hub.yaml

v2.11.0

Changes:

  • Reserved Concurrent Execution for Lambda functions

Release date:2024-11-19

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.11.0/bucketav-add-on-security-hub.yaml

v2.10.0

Changes:

  • Support for new governance check if core/add-on is out-of-date

Release date:2024-10-22

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.10.0/bucketav-add-on-security-hub.yaml

v2.9.0

Changes:

  • Add CloudFormation output LambdaDeadLetterQueueName

Release date:2024-09-24

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.9.0/bucketav-add-on-security-hub.yaml

v2.8.0

Changes:

  • Add parameter to ignore client-side encrypted files
  • Improve description

Release date:2024-08-11

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.8.0/bucketav-add-on-security-hub.yaml

v2.7.0

Changes:

  • Add Lambda DLQs for async invoked functions
  • Bug fixes

Release date:2024-07-09

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.7.0/bucketav-add-on-security-hub.yaml

v2.6.0

Changes:

  • Update Lambda runtime to Node.js 20

Release date:2024-02-14

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.6.0/bucketav-add-on-security-hub.yaml

v2.5.0

Changes:

  • Add Service Discovery

Release date:2023-12-07

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.5.0/bucketav-add-on-security-hub.yaml

v2.4.0

Changes:

  • Update Lambda runtime to Node.js 18

Release date:2023-08-30

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.4.0/bucketav-add-on-security-hub.yaml

v2.3.0

Changes:

  • Support for Governance findings
  • Performance improvements

Release date:2023-08-23

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.3.0/bucketav-add-on-security-hub.yaml

v2.2.0

Changes:

  • Update Lambda runtime to Node.js 16

Release date:2022-06-08

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.2.0/bucketav-add-on-security-hub.yaml

v2.1.0

Changes:

  • Adding product and company name to findings

Release date:2022-04-11

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.1.0/bucketav-add-on-security-hub.yaml

v2.0.1

Changes:

  • Improve Lambda config

Release date:2021-12-22

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.0.1/bucketav-add-on-security-hub.yaml

v2.0.0

Changes:

  • Initial release

Release date:2021-07-30

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.0.0/bucketav-add-on-security-hub.yaml

Not available. Please contact us if you have a use case for it!

Need more help?

Write us, and we'll get back to you as soon as we can.

Send us an email