AWS Security Hub


AWS Security Hub data import behavior

Note that AWS Security Hub will only be able to import new assessment data from Vulnerability Management (InsightVM) after you deploy this integration. Historical data that existed prior to deploying the integration will not be imported.

Amazon Web Services (AWS) Security Hub features an integration with Rapid7 InsightVM. Configure this integration to utilize the following benefits:

  • View and manage security findings collected by Rapid7 in the AWS environment and your Vulnerability Management (InsightVM) console
  • Quickly identify high priorities, get guidance to resolve these issues, respond to issues, and identify critical security trends in a single place

Pricing Model

During the preview period, AWS Security Hub is temporarily free, with access to all features at an unlimited scale. For more pricing details, refer to AWS Security Hub’s pricing plans.

Before You Start

Please confirm that you meet the requirements for both AWS Security Hub and InsightVM.

AWS Subscription

Since AWS Security Hub gathers security findings from AWS services, you must subscribe to at least one of the services below:

  • Amazon GuardDuty
  • Amazon Inspector
  • Amazon Macie

AWS Account Required

If you do not have an account with one of the AWS services mentioned above, you cannot access AWS Security Hub.

AWS Security Hub Supported Regions

AWS Security Hub must be enabled in the same AWS supported region as your Vulnerability Management (InsightVM) instance in order for the integration to work. Check this list to confirm AWS Security Hub availability.

Vulnerability Management (InsightVM) Integration Requirements

After confirming you meet the AWS requirements, ensure you meet either one of the Vulnerability Management (InsightVM) requirements below:

  • Agent 2.1 or later is deployed in AWS
  • You use AWS Discovery Connection v2 (console version v6.5.43 or later, released on 11/28/18)

Enable and Set Up AWS Security Hub

After confirming you meet the AWS Security Hub requirements, access your free AWS Security Hub preview and follow the instructions to opt into Vulnerability Management (InsightVM) via the providers’ page in the Security Hub console. You can also refer to Setting Up AWS Security Hub in the user guide.

Enable AWS Security Hub in Vulnerability Management (InsightVM)

After enabling AWS Security Hub, you’re ready to enable the integration in InsightVM. Note that you can only have one instance of Security Hub associated with Vulnerability Management (InsightVM) at a time.

  1. In your Vulnerability Management (InsightVM) console, click Management in the left nav.
  2. Under Asset Data, navigate to AWS Security Hub and click Add.
  3. Slide the toggle to the right to enable AWS Security Hub.
  4. Click Save.
  5. Close the panel.

Get Started with AWS Security Hub

Visit these AWS Security Hub resources to learn more:

This article will refer to the AWS Security Hub User Guide.

Concepts and Terminology

To make the most of AWS Security Hub, it is helpful to learn the key concepts listed below:

  • Finding - A security issue that is collected by AWS Security Hub. It can be discovered by AWS or a third-party service, like Rapid7.
  • Insight - A group of related findings defined by an aggregation statement and optional filters. An insight identifies high priority items.
  • Standards - A predefined group of rules based on security industry and AWS best practices which is used to measure compliance.

For more information, refer to AWS Security Hub Terminology and Concepts.

Work in AWS Security Hub

There are several ways to see and prioritize security issues. The Security Hub dashboard shows a snapshot of your insights prioritized by severity. You can also build and designate a “my favorites” insight group that contains AWS and partner insights.

View Vulnerability Management (InsightVM) Data in Security Hub

After setting up AWS Security Hub and enabling Vulnerability Management (InsightVM) in the Security Console, configure Security Hub to display your findings. To do so, follow these steps:

  1. Log in to AWS Security Hub.
  2. Click Findings in the left navigation.
  3. In the search box, enter Company name EQUALS 'Rapid7'.
  4. Click Apply.

After completing this process, you can view your Vulnerability Management (InsightVM) findings. Security Hub provides the following information:

  • The Summary page is a dashboard that provides a high-level overview and visualizations of your findings in Security Hub.
  • The Investigate page lists insights, which are aggregated groups of findings. You can filter your findings by adding a query and can prioritize your remediation efforts by severity, title, status, or “last seen.”
  • Clicking on an individual finding shows more detail in a new pane.

Use Managed and Custom Insights

AWS Security Hub provides managed insights, which are templates that cannot be edited or deleted and that help you identify security risks. If you need to create a template that is unique to your AWS environment and usage, create a custom insight. For more information, see Insights in AWS Security Hub in the User Guide.

Manage Security Hub Findings

To help you manage your Security Hub findings, you can apply filters to prioritize, organize, or archive them. For more information, see Findings in AWS Security Hub in the User Guide.

Manage AWS Accounts in AWS Security Hub

You can invite multiple accounts to AWS Security Hub and enable them. When other accounts accept your invitation, your AWS Security Hub account becomes the master account, and the associated accounts become member accounts. For more information, see Managing AWS Accounts in AWS Security Hub in the User Guide.

Disable AWS Security Hub

To disable AWS Security Hub, you will need to remove both connections from:

  • Vulnerability Management (InsightVM)
  • AWS Security Hub

Disable Vulnerability Management (InsightVM)

You can either disable or delete the Security Hub from the Vulnerability Management (InsightVM) console. Follow these steps to disable:

  1. In your Vulnerability Management (InsightVM) console, click Management in the left nav.
  2. Under Asset Data, click AWS Security Hub.
  3. Click Edit.
  4. Slide the toggle to the left to disable AWS Security Hub.
  5. Click Save.
  6. Close the panel.

To delete the Security Hub, follow these steps:

  1. Follow steps 1 - 2 above.
  2. Click Delete.
  3. Close the panel.

Disable AWS Security Hub

After disabling Vulnerability Management (InsightVM), disable AWS Security Hub. You can do so in the Security Hub console or using the DisableSecurityHub API operation.

It is important to note that if you disable Security Hub, your existing findings, insights, and configurations will be lost permanently. This includes your master account and its associated accounts. To keep a record of this information, you can save it before disabling Security Hub. For more information, see Disabling AWS Security Hub in the User Guide.
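
One way to keep a record of the findings before disabling, as an added example that is not Rapid7 or AWS code: it pages through the GetFindings API with the same filter as the console query Company name EQUALS 'Rapid7' shown earlier, counts findings by severity, and writes them to a JSON Lines file. `FakeSecurityHub`, its sample findings and the output file name are constructed so the example runs offline; pass `boto3.client("securityhub")` instead to query a real account. It saves findings only, not insights or configuration.

```python
import json
from collections import Counter


def company_filter(company="Rapid7"):
    """GetFindings filter equivalent to the console query Company name EQUALS 'Rapid7'."""
    return {"CompanyName": [{"Value": company, "Comparison": "EQUALS"}]}


def fetch_findings(client, company="Rapid7"):
    """Page through GetFindings (100 per call is the API maximum) until NextToken runs out."""
    findings, kwargs = [], {"Filters": company_filter(company), "MaxResults": 100}
    while True:
        page = client.get_findings(**kwargs)
        findings.extend(page.get("Findings", []))
        if not page.get("NextToken"):
            return findings
        kwargs["NextToken"] = page["NextToken"]


def severity_counts(findings):
    """Count findings per ASFF Severity.Label; findings without a label count as UNKNOWN."""
    return Counter(f.get("Severity", {}).get("Label", "UNKNOWN") for f in findings)


def export_findings(findings, path):
    """Write one JSON document per line so the archive can be searched or diffed later."""
    with open(path, "w", encoding="utf-8") as fh:
        for finding in findings:
            fh.write(json.dumps(finding, sort_keys=True) + "\n")
    return len(findings)


class FakeSecurityHub:
    """Constructed stand-in for boto3.client("securityhub") that serves two sample pages."""
    PAGES = {
        None: {"NextToken": "page-2", "Findings": [
            {"Id": "sample-1", "CompanyName": "Rapid7", "Severity": {"Label": "HIGH"}},
            {"Id": "sample-2", "CompanyName": "Rapid7", "Severity": {"Label": "LOW"}}]},
        "page-2": {"Findings": [{"Id": "sample-3", "CompanyName": "Rapid7", "Severity": {"Label": "HIGH"}}]},
    }

    def get_findings(self, **kwargs):
        return self.PAGES[kwargs.get("NextToken")]


if __name__ == "__main__":
    found = fetch_findings(FakeSecurityHub())
    print(severity_counts(found), export_findings(found, "rapid7-findings.jsonl"))
```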

AWS Security Hub Support

If you don’t see any findings in Security Hub and you have met the following conditions, contact Rapid7 support:

  • Enabled Vulnerability Management (InsightVM) findings in AWS Security Hub
  • Deployed an agent in AWS
  • Enabled AWS Security Hub in the Vulnerability Management (InsightVM) console

For any other AWS Security Hub issues, contact AWS.