Security Hub integration Add-On

This add-on reports findings to AWS Security Hub for further analysis.

You must enable AWS Security Hub for this add-on to work!

Table of Contents

Setup

Install Add-On

  1. Set the Stack name to bucketav-security-hub.
  2. Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed our docs, the name is bucketav, or s3-virusscan for older installations).
  3. Select I acknowledge that AWS CloudFormation might create IAM resources.
  4. Click on the Create stack button to save.

Update

Which version am I using?

  1. To update this add-on to version v2.0.0, go to the AWS CloudFormation Management Console .
  2. Double-check the region at the top right.
  3. Search for bucketav-security-hub (or s3-virusscan-security-hub for older installations), otherwise search for the name you specified.
  4. Select the stack and click on Update.
  5. Select Replace current template and set the Amazon S3 URL to https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.0.0/bucketav-add-on-security-hub.yaml Copy
  6. Click on Next.
  7. Scroll to the bottom of the page and click on Next.
  8. Scroll to the bottom of the page and click on Next.
  9. Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack.
  10. While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and …
  11. … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.

Architecture

The following AWS services are used:

  • SNS Subscription to connect to the Findings Topic.
  • Lambda Function to report to Security Hub.
  • CloudWatch Alarms to monitor the used AWS services.

Need more help?

Write us, and we'll get back to you as soon as we can.

Send us an email