About AWS Security Hub
“AWS Security Hub provides you with a comprehensive view of the security state of your AWS resources. Security Hub collects security data from across AWS accounts and services, and helps you analyse your security trends to identify and prioritise the security issues across your AWS environment.”
In order to integrate Phoenix Security with AWS Security Hub you need to activate the Security Hub service for your AWS account(s). By default, Security Hub collects a number of findings about your cloud assets, but you can activate additional services and integrate third-party assessment tools.
Please use the links below to learn more about AWS Security Hub and how to configure it for your cloud.
- https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html
- https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html
Create a new AWS Security Hub integration
- On the sidebar menu navigate to the Scanners tab in the Integrations section.
- Click on the “Add Scanner” button on the right-hand side of the page.
- In the first field, enter a name for this scanner integration and then select “AWS Security Hub” from under the CLOUD tab. Then click on “Next”.
- You must now complete the following fields:
  - Region
  - Access Key
  - Secret Key
Configuration Parameters
Region
Access to AWS Security Hub is region-specific. Therefore, you will be required to specify the AWS region that you want to access through this integration.
Access and Secret Keys
In order to access your AWS Security Hub details, you need to provide the Access Key and Secret Key for an IAM user with the right permissions. As a minimum, the permissions should include the AWSSecurityHubReadOnlyAccess policy.
To get the Access and Secret Keys, log into the AWS console and select the right account and region. Go to the IAM service and select Users from the left-hand side menu. Select the user that you want to use for API access to Security Hub and click on the “Security credentials” tab.
Create a new access key (unless you are using an existing one) and copy the Secret Key. This is the only time that you’ll be able to copy the Secret Key.
- Once all the required fields have been completed, the “Create Scanner” button will become enabled. Click on this button to complete the scanner integration creation process.
After the scanner integration is created, the new entry will appear on the Scanners list page.
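The Access and Secret Keys section names a read-only policy for the integration user. The following added example (not Phoenix Security or AWS code) audits an IAM policy document and reports any grant that goes beyond Security Hub read actions. The read-verb list and both sample policies are assumptions constructed for illustration.

```python
import json

# Assumption for this example: Security Hub read APIs start with these verbs.
READ_VERBS = ("get", "list", "describe", "batchget")

# Constructed sample policies, not copied from AWS or Phoenix Security.
READ_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["securityhub:Get*", "securityhub:List*",
                "securityhub:Describe*", "securityhub:BatchGet*"]}]})
TOO_BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "securityhub:GetFindings", "Resource": "*"},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["securityhub:Batch*", "iam:CreateAccessKey"]},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]})


def is_securityhub_read(action):
    """True if an IAM action (wildcards allowed) can only match Security Hub reads."""
    service, _, name = action.lower().partition(":")
    # Only the literal text before the first wildcard is guaranteed to match.
    fixed = name.split("*")[0].split("?")[0]
    return service == "securityhub" and fixed.startswith(READ_VERBS)


def audit_policy(policy_json):
    """Return (statement index, action, reason) for each grant beyond read-only."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # IAM allows a single statement object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((index, "NotAction", "allows every action not listed"))
            continue
        actions = stmt.get("Action", [])
        for action in [actions] if isinstance(actions, str) else actions:
            if not is_securityhub_read(action):
                findings.append((index, action, "not a Security Hub read action"))
    return findings


if __name__ == "__main__":
    for name, policy in (("READ_ONLY", READ_ONLY), ("TOO_BROAD", TOO_BROAD)):
        print(name, audit_policy(policy) or "read-only")
```

Wildcards are judged conservatively: a pattern such as securityhub:Batch* is flagged because it can match write actions as well as reads.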