Collect Compliance Events From AWS Security Hub
Dash allows teams to connect AWS Security Hub and digest security and compliance events in Dash. Customers can pull security events from cloud-native and third-party security solutions connected to Security Hub into Dash and manage compliance across AWS.
What Will You Need?
- Dash ComplyOps v2.7.0 or greater – See how to update to the latest version of Dash
- About 10 minutes of time
Instructions To Connect Security Hub
1. Log in to your Dash ComplyOps application.
2. In the left sidebar, navigate to the Action Center.
3. In the Action Center, click the “Configure Security Hub” button.
4. You will then see the Security Hub page.
AWS Security Hub should already be connected for the AWS account where Dash ComplyOps is installed. You can also connect other AWS accounts via AWS Organizations.
5. Enable Security Hub for one or more regions in an account by clicking on the Settings button next to the AWS account.
For each AWS account, you can “Enable for all regions” or enable Security Hub findings for individual regions.
*Please Note: If you have connected Dash to JIRA, enabling Security Hub will automatically send all Security Hub findings as issue cards to JIRA. This may result in many cards being created, without a function for bulk removal. We will be determining further options for improving this process.
6. After enabling Security Hub for one or more regions and accounts, Dash will digest Security Hub findings and provide compliance insight across the application.
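Because the note above says every Security Hub finding becomes a JIRA card, it helps to size the backlog before enabling regions. The following is an added example, not part of Dash or its documentation: it summarizes a findings export in the JSON shape returned by `aws securityhub get-findings`, assuming one card per finding. The function name, the "open" definition (active record, workflow NEW or NOTIFIED) and the sample data are constructed for illustration.

```python
import json
from collections import Counter

def _f(acct, region, product, sev, state, wf):
    """Build one constructed finding using ASFF field names."""
    return {"AwsAccountId": acct, "Region": region, "ProductName": product,
            "Severity": {"Label": sev}, "RecordState": state,
            "Workflow": {"Status": wf}}

# Constructed sample in the shape of `aws securityhub get-findings` output.
SAMPLE_EXPORT = json.dumps({"Findings": [
    _f("111111111111", "us-east-1", "Security Hub", "HIGH", "ACTIVE", "NEW"),
    _f("111111111111", "us-east-1", "GuardDuty", "MEDIUM", "ACTIVE", "NEW"),
    _f("111111111111", "eu-west-1", "Security Hub", "LOW", "ARCHIVED", "NEW"),
    _f("222222222222", "us-east-1", "Security Hub", "HIGH", "ACTIVE", "SUPPRESSED"),
    _f("222222222222", "us-east-1", "Inspector", "CRITICAL", "ACTIVE", "NOTIFIED"),
]})

# Assumption: a finding still needs attention if it is active and its
# workflow status has not been set to RESOLVED or SUPPRESSED.
OPEN_WORKFLOW = {"NEW", "NOTIFIED"}

def summarize_findings(export_json):
    """Count all findings per account/region and open findings per source."""
    findings = json.loads(export_json).get("Findings", [])
    per_region = Counter()
    open_per_source = Counter()
    for f in findings:
        per_region[(f.get("AwsAccountId", "?"), f.get("Region", "?"))] += 1
        is_open = (f.get("RecordState") == "ACTIVE"
                   and f.get("Workflow", {}).get("Status") in OPEN_WORKFLOW)
        if is_open:
            key = (f.get("ProductName", "?"),
                   f.get("Severity", {}).get("Label", "?"))
            open_per_source[key] += 1
    return {"total": len(findings),
            "open": sum(open_per_source.values()),
            "per_region": dict(per_region),
            "open_per_source": dict(open_per_source)}

if __name__ == "__main__":
    summary = summarize_findings(SAMPLE_EXPORT)
    print(f"{summary['total']} findings total, {summary['open']} open")
    for (acct, region), n in sorted(summary["per_region"].items()):
        print(f"  {acct} {region}: {n} findings (one JIRA card each, assumed)")
    for (source, sev), n in sorted(summary["open_per_source"].items()):
        print(f"  open: {source} / {sev}: {n}")
```

A large per-region total is a signal to enable individual regions in step 5 rather than using “Enable for all regions” while JIRA is connected.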
Connecting Security Hub From Other AWS Accounts
To connect Dash to instances of Security Hub in other AWS account(s), your team can connect accounts that are linked via AWS Organizations.
To connect an instance of Security Hub from another AWS account, your team can follow the instructions for connecting other AWS accounts.
1. You can discover all connected AWS Organizations by refreshing the AWS environments.
Navigate to Settings > Monitoring Settings > click on the “Refresh AWS Environments” button.
2. In AWS Account Settings > Account connection, click Setup for any AWS accounts that are not connected to Dash.
You can also connect an AWS Account under SecurityHub > Connect AWS Account > Setup with CloudFormation.
All connected AWS accounts will appear in the Security Hub – AWS Account Settings.
Viewing Security Hub Findings
After connecting Security Hub to Dash ComplyOps, Dash will start to monitor and digest Security Hub issues.
You can view the latest Security Hub findings by navigating to the Compliance Center.
- Security Hub findings will appear under Compliance Center > Compliance Issues
- You can filter/sort compliance issues by Security Hub-connected services (Security Hub, GuardDuty, etc.) by clicking on the Sources filter in the right bar and selecting the services you want to filter by.
- Similar to other security findings, Security Hub issues can be viewed, resolved, and ignored in the Compliance Center.
Editing Security Hub Findings
In the Security Hub, scroll down to the security findings, and click “Edit Rule”.
The edit options will expand for the specific Security Hub finding. You can modify the following fields for each security finding:
Name – Name of the security issue/finding
Description – A description of the security finding.
Priority – Priority of the security finding (low, medium, or high)
Recommendation – The recommendation for how to resolve a specific compliance issue.
HIPAA Control Relationship – HIPAA controls/standards related to a compliance issue.
SOC 2 Control Relationship – SOC 2 controls/standards related to a compliance issue.
HITRUST Control Relationship – HITRUST controls/standards related to a compliance issue.
All edits to Security Hub findings will be shown in the Compliance Center and Reports Center based on mappings.
Note: Dash updates to Security Hub mappings may override individual edits to issue type findings, where Dash has updated the defined mapping.