Security Hub integration Add-On
This add-on reports findings to AWS Security Hub for further analysis.
You must enable AWS Security Hub for this add-on to work!
Setup
- Set the Stack name to bucketav-security-hub.
- Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed our docs, the name is bucketav, or s3-virusscan for older installations).
- Select I acknowledge that AWS CloudFormation might create IAM resources.
- Click on the Create stack button to save.
Update
- To update this add-on to version v2.2.0, go to the AWS CloudFormation Management Console.
- Double-check the region at the top right.
- Search for bucketav-security-hub (or s3-virusscan-security-hub for older installations), otherwise search for the name you specified.
- Select the stack and click on Update.
- Select Replace current template and set the Amazon S3 URL to https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.2.0/bucketav-add-on-security-hub.yaml
- Click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack.
- While the update runs, the stack status is UPDATE_IN_PROGRESS. Reload the table from time to time and …
- … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
Architecture
The following AWS services are used:
- SNS Subscription to connect to the Findings Topic.
- Lambda Function to report to Security Hub.
- CloudWatch Alarms to monitor the used AWS services.