Integration with AWS Security Hub

Reading this article you will learn how to integrate your AWS account with your Phoenix Security organisation in order to retrieve vulnerabilities.

Prerequisites

In order to integrate AWS Security Hub with your Phoenix Security account, you should:

– Have access to the platform as an Organisation Admin user 
– Have access to the necessary AWS credentials (see below)

About AWS Security Hub

“AWS Security Hub provides you with a comprehensive view of the security state of your AWS resources. Security Hub collects security data from across AWS accounts and services, and helps you analyse your security trends to identify and prioritise the security issues across your AWS environment.”

In order to integrate Phoenix Security with AWS Security Hub you need to activate the Security Hub service for your AWS account(s). By default, Security Hub collects a number of findings about your cloud assets, but you can activate additional services and integrate third-party assessment tools.

Please use the links below to learn more about AWS Security Hub and how to configure it for your cloud.

• https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html
• https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html

Create a new AWS Security Hub integration

1. On the sidebar menu navigate to the Scanners tab in the Integrations section.

2. Click on the “Add Scanner” button on the right-hand side of the page. 

3. In the first field, enter a name for this scanner integration and then select “AWS Security Hub” from under the CLOUD tab. Then click on ‘Next’. 

4. You must now complete the following fields:

• Region
• Access Key
• Secret Key

Configuration Parameters

Region

Access to AWS Security Hub is region-specific. Therefore, you will be required to specify the AWS region that you want to access through this integration.

Access and Secret Keys

In order to access your AWS Security Hub details, you need to provide the Access Key and Secret Key for an AIM User with the right permissions. As a minimum, the permissions should include the AWSSecurityHubReadOnlyAccess policy.

To get the Access and Secret Keys, log into the AWS console and select the right account and region. Go into the AIM service and select Users from the left-hand side menu. Select the user that you want to use for API access to Security Hub and click on the “Security credentials” tab.

Create a new access key (unless you are using an existing one) and copy the Secret Key. This is the only time that you’ll be able to copy the Secret Key.

5. Once all the required fields have been completed the “Create Scanner” button will become enabled. Click on this button to complete the scanner integration creation process.  

After the scanner integration is created the new entry will appear on the Scanners list page.