Overview
Amazon Web Services, is a subsidiary of Amazon that provides on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered, pay-as-you-go basis.
"Findings" refer to the results or discoveries identified by a system or service, particularly in the context of security or audits. For instance, weaknesses, signs of breaches, or non-compliances identified during a security audit or monitoring process can be termed as "findings." Security services like AWS SecurityHub detect and present findings within your systems.
Granting the SecurityHub permission to access the API endpoint created for retrieving findings from AWS Security Hub is required.
Prerequisites
- Logsign 6.4.7+ versions support this integration.
Configure On AWS
Forwarding settings are completed as follows:
- Log in to your AWS console.
Click on "Security credentials" in the top right corner where your profile is shown.
We are creating a user with basic read permissions to establish connection with the API. If you already have a user for this process, you can update their permissions by editing the existing one.
After the user is created, we perform the following steps for the access key and secret information.
After securely noting down the Access and Secret key information, you can proceed with the Logsign integration.
SecurityHub Findings Screen
Configure On Logsign
- Login to your Logsign UI.
- Click Settings > Data Collection > +Device.
- Define the settings as follows:
- Select the API > AWS Security Hub.
- Access Key: Define the Access Key.
- Secret Key: Define the Secret Key.
- Region: Define the Region. You can review the following information about the region.
- Period: Specify the period.
- Data Policy: If you have a Data Policy to add for the source, please add it.
- Check Health: If there is a Health Check Period you want to define, click Check Health.
- Device Name: Define the Device Name.
- Tags: If you want to add any tags, please define it.
- Roles: If you want to specify any roles, please select it.
- Click the Save button.
AWS Regions
Each AWS Region is designed to be isolated from the other AWS Regions. This design achieves the greatest possible fault tolerance and stability.
When you view your resources, you see only the resources that are tied to the AWS Region that you specified. This is because AWS Regions are isolated from each other, and we don't automatically replicate resources across AWS Regions.
Region availability
The following table shows the AWS Regions where Amazon RDS is currently available and the endpoint for each Region.