AWS Security Hub

AWS Security Hub is a tool available in the AWS cloud platform. Integrating AWS Security Hub with CoreStack helps users to view all security details in CoreStack. In other words, this integration helps users see all security-related findings for their AWS cloud accounts in one place. With this integration, they don’t have to refer to different sources to learn about security findings across their accounts.

AWS Security Hub aggregates all the security findings from AWS, then all those details are made available in CoreStack. Users can only view the details. No remediation steps can be taken from CoreStack. If a Security Hub master account is integrated with CoreStack, then accounts that are not onboarded in CoreStack are also displayed in the findings. To view the relevant list of onboarded accounts that are integrated with AWS Security Hub, users must use the available filter options to filter out any irrelevant accounts. If a Security Hub account is not the account master and is integrated with CoreStack, then accounts that are onboarded in CoreStack will be displayed in the findings.

The cloud account details from AWS are synced at particular periods, and any updated details will be shown in the findings list within CoreStack.

Configuring AWS Security Hub

Perform the following steps to enable AWS Security Hub settings in CoreStack:

  1. Access the CoreStack application.
  2. On the left navigation pane, click Governance > Account Governance.
  3. For an AWS account, click VIEW > View Settings.
  1. Click Additional Account Settings > Security Tools Integration tab.
  2. Select the Integrate with AWS Security Hub checkbox and click SAVE.

A confirmation message is displayed.

View Security Findings

After the AWS Security Hub integration setting is enabled, you can view the security findings from within the CoreStack application.

Perform the following steps to view security findings:

  1. Click Tools Integrations > AWS Security Hub > Findings.

The next screen shows the findings related to your AWS cloud accounts. You can view severity, workflow status, region, cloud account name, whether the cloud account was onboarded or not, AWS account ID, compliance status, etc.

  1. Click on a title corresponding to a row to view the finding ID, severity, recommendations, workflow status, AWS account ID, created date, updated date, company name, product name, etc. You can expand the sections at the end of the screen to view additional details.

The security findings can be downloaded in CSV format. You can also select the columns you want to view in the findings list and can rearrange the columns.