AWS Security Hub integration
AWS Security Hub is a central place to manage security and compliance across an AWS environment. It aggregates, organizes, and prioritizes security alerts and findings from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from third-party security solutions, such as bucketAV.
By integrating bucketAV’s malware scan results into AWS Security Hub, security teams can have a comprehensive view of the security posture of their AWS environment and quickly identify and respond to malware incidents. This helps organizations to reduce the risk of data breaches and to comply with various security and privacy regulations.
Setup
You must enable AWS Security Hub for this add-on to work!
- Set the Stack name to
bucketav-security-hub
. - Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed the docs, the name is
bucketav
). - Select I acknowledge that AWS CloudFormation might create IAM resources.
- Click on the Create stack button to save.
Terraform
resource "aws_cloudformation_stack" "bucketav_add_on_security_hub" {
name = "bucketav-security-hub"
template_url = "https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.4.0/bucketav-add-on-security-hub.yaml"
capabilities = ["CAPABILITY_IAM"]
parameters = {
BucketAVStackName = "bucketav" # if you followed the docs, the name is bucketav
}
}
Update
- To update this add-on to version v2.4.0, go to the AWS CloudFormation Management Console.
- Double-check the region at the top right.
- Search for
bucketav-security-hub
, otherwise search for the name you specified. - Select the stack and click on Update.
- Select Replace current template and set the Amazon S3 URL to
https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/security-hub/v2.4.0/bucketav-add-on-security-hub.yaml
Copy - Click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack.
- While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and …
- … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
Architecture
The following AWS services are used:
- SNS Subscription to connect to the Findings Topic.
- Lambda Function to report to Security Hub.
- CloudWatch Alarms to monitor the used AWS services.