Enable event forwarding to AWS Security Hub

Deploy the integration between Workload Security and AWS Security Hub

AWS Security Hub provides you with a comprehensive view of your security state in AWS. Security Hub collects security data from across AWS accounts, services, and supported third-party partner products and helps you analyze your security trends to identify the highest priority security issues. This example application creates the custom integration with AWS Security Hub. With this integration, Workload Security events can be sent to Security Hub through Amazon SNS.


1. Enable your AWS account to leverage AWS Security Hub.

  • In the AWS Console, navigate to Security Hub.
  • Click Go to Security Hub.
  • Leave the default selections.
  • Click Enable Security Hub.


2. Now launch the provided CloudFormation template below.

Launch Stack

  • Click Next.


3. A Cloud One API Key needs to be created to continue deployment.

  • On the Cloud One Console home page, click User Management.
  • Select the API Keys tab from the left-hand menu.
  • Click new
  • API Key Alias: immersion-day
  • Role: Full Access
  • Click Next
  • Copy your API Key to a secure location


4. Go back to the Security Hub CloudFormation tab.

  • Paste in your API Key
  • Click Next


5. Configure Stack Options

  • Add Tags (Optional)
  • Click Next


6. Review Stack and Deploy

  • Check Acknowledge box
  • Click Create Stack


7. Wait for the stack to reach complete status.


8. Select the Outputs tab.

  • Copy down the values for:
    • AccessKey
    • SNSTopic
    • SecretKey


9. Navigate to the Cloud One Workload Security console.

  • Click the Administration tab.
  • From the left-hand menu, select System Settings.
  • Select Event Forwarding from the system settings tabs.
  • Check the box to publish events to Amazon SNS.
  • Under Access Key, paste in the AccessKey value from the previous step.
  • Under Secret Key, paste in the SecretKey value from the previous step.
  • Under Amazon SNS, paste in the SNSTopic value from the previous step.
  • Click Test credentials and send notification.
  • Click Save in the lower right corner.
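
The AccessKey and SecretKey pasted into Workload Security are long-lived credentials, so it is worth confirming that the IAM user behind them can only publish to the forwarding topic. The following check is an added example, not part of the original lab or the CloudFormation template; it assumes the SNSTopic output is the topic ARN and that you have exported the user's policy document as JSON (the ARN, account ID and sample policy below are constructed placeholders).

```python
import json

# Constructed sample: a policy for the IAM user whose AccessKey/SecretKey are
# pasted into Workload Security. The ARN and account ID are placeholders.
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:WorkloadSecurityEvents"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "sns:Publish", "Resource": TOPIC_ARN},
        {"Effect": "Allow", "Action": ["sns:*"], "Resource": "*"},
    ],
})

def as_list(value):
    """IAM accepts either a single value or a list for Statement/Action/Resource."""
    return value if isinstance(value, list) else [value]

def audit_sns_policy(policy_json, topic_arn):
    """Return findings for Allow statements broader than sns:Publish on topic_arn."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource needs manual review")
            continue
        for action in as_list(stmt.get("Action", [])):
            if action.lower() != "sns:publish":
                findings.append(f"statement {i}: action {action!r} is not needed for event forwarding")
        for resource in as_list(stmt.get("Resource", [])):
            if resource != topic_arn:
                findings.append(f"statement {i}: resource {resource!r} is not the SNSTopic ARN")
    return findings

if __name__ == "__main__":
    for finding in audit_sns_policy(SAMPLE_POLICY, TOPIC_ARN):
        print(finding)
```

An empty result means every Allow statement is limited to `sns:Publish` on the one topic; any finding is a reason to tighten the policy before saving the credentials in the console.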


Congrats on your custom Security Hub integration from Workload Security! We will generate events in the labs ahead. 🤩 🤖 ✅ ☁️