AWS Security Hub provides security alerts and compliance information related to Amazon Web Service accounts, services, and supported third-party partner products. It aggregates, organizes, and prioritizes security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty and Amazon Cloudwatch. Amazon Cloudwatch is native to AWS Security Hub and has event rules that allows prioritization and grouping findings into tickets or automated remediation systems. GuardDuty is a managed threat detection service that uses machine learning to safeguard critical AWS accounts and services from malicious activity and other security threats. It monitors and logs activity within the AWS environment, provides recommendations for remediation and assigns severity to those issues. GuardDuty offers seamless integration with AWS Cloudwatch events and Lambda to provide automated remediation plans.
With the AWS Security Hub integration with RSA Archer, organizations can standardize the findings from all these sources eliminating the need to convert the data for analysis. It allows organizations to automatically import data from AWS Security Hub directly into RSA Archer. Organizations will have visibility into the AWS Security Hub findings and can analyze the data to prioritize security alerts that impact the organization the most. They can report on their findings and update AWS Security Hub from RSA Archer.
Integration Features
The AWS Security Hub integration enables organizations to:
- Capture and prioritize security findings across AWS services and partner offerings
- Generate findings from AWS accounts and services into a centralized location
- Configuration and compliance checks to identify accounts or resources that require attention
- Automate threat detection service to monitor AWS accounts for potential malicious activity and vulnerabilities
Solution and Platform Information
- Solution Area: RSA Archer IT & Security Risk Management
- Impacted Use Cases:
- Supported Platform Version: This offering has been validated on RSA Archer Platform release 6.7.
- RSA Archer On-Demand Application (ODA) Licenses: Two (2) RSA Archer On-Demand Application (ODA) licenses are required
For More Information
To learn more about the AWS Security Hub certified integration:
- Review the Implementation Guide; and
- Download the Installation Package.
For Additional Support
To learn more about this offering, please contact your Account Rep for additional details. For technical support questions regarding this offering, please open a support case or contact RSA Archer at archersupport@rsa.com for more information.