AWS SecurityHub - Event Poller

Overview

Amazon Web Services (AWS) is a subsidiary of Amazon that provides on-demand cloud computing platforms and APIs to individuals, companies, and governments on a metered, pay-as-you-go basis.

"Findings" refer to the results or discoveries identified by a system or service, particularly in the context of security or audits. For instance, weaknesses, signs of breaches, or non-compliances identified during a security audit or monitoring process can be termed as "findings." Security services like AWS SecurityHub detect and present findings within your systems. 

You must grant the SecurityHub permission needed to access the API endpoint used for retrieving findings from AWS Security Hub.

Prerequisites

  • Logsign 6.4.7+ versions support this integration.

Configure On AWS

Forwarding settings are completed as follows:

  1. Log in to your AWS console.
  2. Click on "Security credentials" in the top right corner, where your profile is shown.
  3. Create a user with basic read permissions to establish a connection with the API. If you already have a user for this purpose, you can edit that user and update its permissions instead.

After the user is created, follow these steps to obtain the access key and secret key information.

After securely noting down the Access and Secret key information, you can proceed with the Logsign integration.
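One way to check that the policy attached to the integration user stays limited to reading findings, as an added example that is not part of the original article or Logsign's own code. It assumes the poller needs only securityhub:GetFindings (the article does not list the exact actions); review_policy, REQUIRED and the two sample policies are hypothetical names constructed for this example.

```python
import json
from fnmatch import fnmatchcase

# Assumption: the poller only reads findings. The page does not list the exact
# IAM actions the integration calls, so adjust REQUIRED for your deployment.
REQUIRED = {"securityhub:GetFindings"}
READ_PREFIXES = ("get", "list", "describe", "batchget")

# Constructed sample policies: a broad grant and a scoped one.
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "securityhub:*", "Resource": "*"}]})
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["securityhub:GetFindings"], "Resource": "*"}]})

def _as_list(value):
    # IAM accepts a single string or object where a list is also allowed.
    return value if isinstance(value, list) else [value]

def review_policy(policy_json):
    """Return (missing_required_actions, warnings) for one IAM policy document.

    Only Allow statements are inspected; Deny statements, conditions and other
    policies attached to the user are not evaluated.
    """
    allowed, warnings = [], []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            warnings.append("Allow with NotAction grants every action not listed")
        for action in _as_list(stmt.get("Action", [])):
            allowed.append(action.lower())  # IAM action names are case-insensitive
            service, _, name = action.lower().partition(":")
            if service != "securityhub":
                warnings.append(f"outside Security Hub scope: {action}")
            elif not name.startswith(READ_PREFIXES):
                kind = "wildcard may include write actions" if "*" in name else "not a read action"
                warnings.append(f"{kind}: {action}")
    # A required action is covered when any allowed pattern matches it.
    missing = sorted(r for r in REQUIRED
                     if not any(fnmatchcase(r.lower(), a) for a in allowed))
    return missing, warnings

if __name__ == "__main__":
    for label, doc in (("broad", BROAD), ("scoped", SCOPED)):
        print(label, review_policy(doc))
```

An empty result for both lists means the policy covers the required action and grants nothing beyond Security Hub read actions.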

 

SecurityHub Findings Screen

Configure On Logsign

  1. Log in to your Logsign UI.
  2. Click Settings > Data Collection > +Device.
  3. Define the settings as follows:
     • Select API > AWS Security Hub.
     • Access Key: Define the Access Key.
     • Secret Key: Define the Secret Key.
     • Region: Define the Region. See the AWS Regions section below for the Region values.
     • Period: Specify the period.
     • Data Policy: If you have a Data Policy to add for the source, add it.
     • Check Health: If there is a Health Check Period you want to define, click Check Health.
     • Device Name: Define the Device Name.
     • Tags: If you want to add any tags, define them.
     • Roles: If you want to specify any roles, select them.
  4. Click the Save button.

AWS Regions

Each AWS Region is designed to be isolated from the other AWS Regions. This design achieves the greatest possible fault tolerance and stability.

When you view your resources, you see only the resources that are tied to the AWS Region that you specified. This is because AWS Regions are isolated from each other, and we don't automatically replicate resources across AWS Regions.

Region availability

The following table shows the AWS Regions where Amazon RDS is currently available and the endpoint for each Region.

Region Name                    Region
US East (Ohio)                 us-east-2
US East (N. Virginia)          us-east-1
US West (N. California)        us-west-1
US West (Oregon)               us-west-2
Africa (Cape Town)             af-south-1
Asia Pacific (Hong Kong)       ap-east-1
Asia Pacific (Hyderabad)       ap-south-2
Asia Pacific (Jakarta)         ap-southeast-3
Asia Pacific (Melbourne)       ap-southeast-4
Asia Pacific (Mumbai)          ap-south-1
Asia Pacific (Osaka)           ap-northeast-3
Asia Pacific (Seoul)           ap-northeast-2
Asia Pacific (Singapore)       ap-southeast-1
Asia Pacific (Sydney)          ap-southeast-2
Asia Pacific (Tokyo)           ap-northeast-1
Canada (Central)               ca-central-1
Canada West (Calgary)          ca-west-1
Europe (Frankfurt)             eu-central-1
Europe (Ireland)               eu-west-1
Europe (London)                eu-west-2
Europe (Milan)                 eu-south-1
Europe (Paris)                 eu-west-3
Europe (Spain)                 eu-south-2
Europe (Stockholm)             eu-north-1
Europe (Zurich)                eu-central-2
Israel (Tel Aviv)              il-central-1
Middle East (Bahrain)          me-south-1
Middle East (UAE)              me-central-1
South America (São Paulo)      sa-east-1

 
