AWS Security Hub offers over 75 third-party partner product integrations, such as Palo Alto Networks Prisma, Prowler, Qualys, Wiz, and more, that you can use to send, receive, or update findings in Security Hub.
We recommend that you enable your corresponding Security Hub third-party partner product integrations when you use these partner solutions. By centralizing findings across your AWS and partner solutions in Security Hub, you can get a holistic cross-account and cross-Region view of your security risks. In this way, you can move beyond security reporting and start implementing automations on top of Security Hub that help improve your overall security posture and reduce manual efforts. For example, you can configure your third-party partner offerings to send findings to Security Hub and build standardized enrichment, escalation, and remediation solutions by using Security Hub automation rules, or other AWS services such as AWS Lambda or AWS Step Functions.
To enable partner integrations, you must configure the integration in each AWS Region and AWS account across your organization in AWS Organizations. In this blog post, we’ll show you how to set up a Security Hub partner integration across your entire organization by using AWS CloudFormation StackSets.
Overview
Figure 1 shows the architecture of the solution. The main steps are as follows:
The deployment script creates a CloudFormation template that deploys a stack set across your AWS accounts.
The stack in the member account deploys a CloudFormation custom resource using a Lambda function.
The Lambda function iterates through target Regions and invokes the Security Hub boto3 method enable_import_findings_for_product to enable the corresponding partner integration.
When you add new accounts to the organizational units (OUs), StackSets deploys the CloudFormation stack and the partner integration is enabled.
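The per-Region loop described in the steps above, written out as an added example (not the code from the repository this post deploys). The function names and the client_factory parameter are hypothetical; the boto3 calls are enable_import_findings_for_product and list_enabled_products_for_import, and a ResourceConflictException is treated as "already enabled" so that redeployments stay idempotent.

```python
"""Added example: enable a partner integration per Region, then verify it."""

REGION_TOKEN = "<REGION>"  # placeholder used in the product ARNs quoted in this post


def default_client(region):
    import boto3  # imported lazily so the logic can be exercised without AWS access
    return boto3.client("securityhub", region_name=region)


def error_code(exc):
    # botocore's ClientError carries the service error code in exc.response
    return getattr(exc, "response", {}).get("Error", {}).get("Code", "")


def is_subscribed(client, product_arn):
    # Subscription ARNs end in product-subscription/<company>/<product>
    suffix = "product-subscription/" + product_arn.split(":product/", 1)[1]
    token = None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = client.list_enabled_products_for_import(**kwargs)
        if any(arn.endswith(suffix) for arn in page.get("ProductSubscriptions", [])):
            return True
        token = page.get("NextToken")
        if not token:
            return False


def enable_partner_integration(arn_template, regions, client_factory=default_client):
    """Return {region: status}; one failing Region does not stop the others."""
    results = {}
    for region in regions:
        arn = arn_template.replace(REGION_TOKEN, region)
        client = client_factory(region)  # hypothetical hook, lets tests inject a fake
        try:
            client.enable_import_findings_for_product(ProductArn=arn)
            status = "enabled"
        except Exception as exc:
            code = error_code(exc)
            if code != "ResourceConflictException":
                # e.g. Security Hub not enabled in this Region; record and move on
                results[region] = "failed: " + (code or type(exc).__name__)
                continue
            status = "already-enabled"
        results[region] = status if is_subscribed(client, arn) else "not-verified"
    return results
```

A Region reported as "failed" or "not-verified" is the signal to check whether Security Hub is actually enabled there before relying on partner findings from it.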
Prerequisites
To follow along with this walkthrough, make sure that you have the following prerequisites in place:
Security Hub enabled across an organization in the Regions where you want to deploy the partner integration.
Trusted access with AWS Organizations enabled so that you can deploy CloudFormation StackSets across your organization. For instructions on how to do this, see Activate trusted access with AWS Organizations.
Permissions to deploy CloudFormation StackSets in a delegated administrator account in your organization.
AWS Command Line Interface (AWS CLI) installed.
Walkthrough
Next, we show you how to get started with enabling your partner integration across your organization using the following solution.
Step 1: Clone the repository
In the AWS CLI, run the following command to clone the aws-securityhub-deploy-partner-integration GitHub repository:
Step 2: Set up the integration parameters
Open the parameters.json file and configure the following values:
ProductName — Name of the product that you want to enable.
ProductArn — The unique Amazon Resource Name (ARN) of the Security Hub partner product. For example, the product ARN for Palo Alto PRISMA Cloud Enterprise is arn:aws:securityhub:<REGION>:188619942792:product/paloaltonetworks/redlock; and for Prowler, it’s arn:aws:securityhub:<REGION>::product/prowler/prowler. To find a product ARN, see Available third-party partner product integrations.
DeploymentTargets — List of the IDs of the OUs of the AWS accounts that you want to configure. For example, use the unique identifier (ID) for the root to deploy across your entire organization.
DeploymentRegions — List of the Regions in which you’ve enabled Security Hub, and for which the partner integration should be enabled.
Save the changes and close the file.
Step 3: Deploy the solution
Open a command line terminal of your preference.
Set up your AWS_REGION (for example, export AWS_REGION=eu-west-1) and make sure that your credentials are configured for the delegated administrator account.
Enter the following command to deploy:
Step 4: Verify Security Hub partner integration
To test that the product integration is enabled, run the following command in one of the accounts in the organization. Replace <TARGET-REGION> with one of the Regions where you enabled Security Hub.
Step 5: (Optional) Manage new partners, Regions, and OUs
To add or remove the partner integration in certain Regions or OUs, update the parameters.json file with your desired Regions and OU IDs and repeat Step 3 to redeploy changes to your Security Hub partner integration. You can also directly update the CloudFormation parameters for the securityhub-integration-<PARTNER-NAME> from the CloudFormation console.
To enable new partner integrations, create a new parameters.json file version with the partner’s product name and product ARN to deploy a new stack using the deployment script from Step 3. In the next step, we show you how to disable the partner integrations.
Step 6: Clean up
If needed, you can remove the partner integrations by destroying the stack deployed. To destroy the stack, use the command line terminal configured with the credentials for the AWS StackSets delegated administrator account and run the following command:
You can also directly delete the stack mentioned in Step 5 from the CloudFormation console by accessing the stack page from the CloudFormation console, selecting the stack securityhub-integration-<PARTNER-NAME>, and then choosing Delete.
Conclusion
In this post, you learned how to enable Security Hub partner integrations across your organization. Now you can configure the partner product of your choice to send, update, or receive Security Hub findings.
You can extend your security automation by using Security Hub automation rules, Amazon EventBridge events, and Lambda functions to start or enrich automated remediation of new ingested findings from partners. For an example of how to do this, see Automated Security Response on AWS.
Developer teams can opt in to configure their own chatbot in AWS Chatbot to receive notifications in Amazon Chime, Slack, or Microsoft Teams channels. Lastly, security teams can use existing bidirectional integrations with Jira Service Management or Jira Core to escalate severe findings to their developer teams.
If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, start a new thread on the AWS Security, Identity, & Compliance re:Post or contact AWS Support.