Note: Security Hub comes with a 30 day trial, so you can attempt this lab without incurring AWS charges. You can verify service availability in a desired region via the AWS Regional Services List. If you wish to deploy in different or additional regions, substitute your regions for the ones used in the lab where applicable. This lab assumes you will administer and deploy AWS Security Hub in 2 regions, referred to as the Home Region and the Secondary Region, and will use N. Virginia and Oregon. This lab also assumes you are using your AWS Control Tower Audit Account; if you have a separate security account, you can substitute that in its place. Depending on your needs you may wish to create a different account, for example 'Security Tooling' in your Infrastructure Organizational Unit (OU), to administer Security Hub. To perform this lab you will need AdministratorAccess to both the AWS Control Tower Management Account and the account you have designated for security tooling. You will also be able to enable Security Hub throughout your organization, for both existing and newly created AWS accounts.

This lab assumes you will use your AWS Control Tower Audit Account.
Duplicate detective permissions how to
Security Hub with Delegated Administration

When operating a multi-account environment, customers are looking to aggregate, organize, and prioritize security findings across all of those accounts. Setting up AWS Security Hub with a delegated administrator allows your security teams to achieve this and continuously ingest security alerts from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyzer, AWS Systems Manager, and AWS Firewall Manager, as well as from AWS Partner Network (APN) solutions. Having these centralized and aggregated alerts allows customers to take action on them directly in a service such as Amazon Detective, or by using Amazon CloudWatch Events rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), and incident management tools, or to custom remediation playbooks. In this lab you will learn how to set up delegated administration for AWS Security Hub, allowing your security teams to view and manage Security Hub from a designated account.
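The delegation described above, scripted with the AWS CLI, as an added example that is not part of the original lab or of any AWS-provided material. It assumes the AWS CLI v2 is installed, that `designate_delegated_admin` is run with credentials for the AWS Control Tower Management account and `enable_auto_enroll` with credentials for the delegated administrator (Audit) account, and that the 12-digit `AUDIT_ACCOUNT_ID` is a placeholder you replace with your own Audit account ID. The region names follow the lab (N. Virginia and Oregon); `DRY_RUN=1`, the default, only prints the commands so you can review them before applying.

```shell
#!/usr/bin/env bash
# Added example, not part of the original lab: designate the Security Hub
# delegated administrator in both lab regions and turn on auto-enable for
# new accounts. Assumptions: AWS CLI v2 is installed; designate_delegated_admin
# runs with Management account credentials and enable_auto_enroll with the
# delegated administrator (Audit) account credentials; AUDIT_ACCOUNT_ID is a
# placeholder you replace with your own Audit account ID.
set -eu

HOME_REGION="${HOME_REGION:-us-east-1}"              # N. Virginia
SECONDARY_REGION="${SECONDARY_REGION:-us-west-2}"    # Oregon
AUDIT_ACCOUNT_ID="${AUDIT_ACCOUNT_ID:-123456789012}" # placeholder account ID
DRY_RUN="${DRY_RUN:-1}"  # 1 = print the aws commands instead of running them

# run_aws prints the command in dry-run mode and executes it otherwise.
run_aws() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'aws %s\n' "$*"
  else
    aws "$@"
  fi
}

# valid_account_id succeeds only for a 12-digit AWS account ID.
valid_account_id() {
  case "$1" in
    ????????????)
      case "$1" in
        *[!0-9]*) return 1 ;;
      esac
      return 0 ;;
    *) return 1 ;;
  esac
}

# Security Hub is a regional service, so the delegated administrator has to be
# designated in every region you operate in. Run from the Management account.
designate_delegated_admin() {
  if ! valid_account_id "$AUDIT_ACCOUNT_ID"; then
    echo "invalid account ID: $AUDIT_ACCOUNT_ID" >&2
    return 1
  fi
  for region in "$HOME_REGION" "$SECONDARY_REGION"; do
    run_aws securityhub enable-organization-admin-account \
      --admin-account-id "$AUDIT_ACCOUNT_ID" --region "$region"
  done
}

# Run from the delegated administrator account once the designation exists:
# accounts that join the organization later get Security Hub enabled
# automatically. Existing accounts still have to be added as members.
enable_auto_enroll() {
  for region in "$HOME_REGION" "$SECONDARY_REGION"; do
    run_aws securityhub update-organization-configuration \
      --auto-enable --region "$region"
  done
}

# Verify the designation in one region; prints the delegated admin account IDs.
show_delegated_admin() {
  run_aws securityhub list-organization-admin-accounts --region "$1" \
    --query 'AdminAccounts[].AccountId' --output text
}

# Stand-alone demo: print the commands for both phases (DRY_RUN=1 is the default).
designate_delegated_admin
enable_auto_enroll
```

Run it once as-is to review the commands, then set `DRY_RUN=0` and call each function from the account it belongs to: `designate_delegated_admin` from the Management account, `enable_auto_enroll` from the Audit account. Because the designation is per region, check each region with `show_delegated_admin us-east-1` and `show_delegated_admin us-west-2` afterwards; a region that lists no admin account is a region where findings will not be aggregated.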
