forked from splunk/security_content
aws_security_hub_alerts.yml
23 lines (23 loc) · 881 Bytes
name: AWS Security Hub Alerts
id: 2f2f610a-d64d-48c2-b57c-96722b49ab5a
version: 1
date: '2020-08-04'
author: Bhavin Patel, Splunk
description: This story is focused around detecting Security Hub alerts generated
  from AWS
narrative: AWS Security Hub collects and consolidates findings from AWS security services
  enabled in your environment, such as intrusion detection findings from Amazon GuardDuty,
  vulnerability scans from Amazon Inspector, S3 bucket policy findings from Amazon
  Macie, publicly accessible and cross-account resources from IAM Access Analyzer,
  and resources lacking WAF coverage from AWS Firewall Manager.
references:
- https://aws.amazon.com/security-hub/features/
tags:
  category:
  - Cloud Security
  product:
  - Splunk Security Analytics for AWS
  - Splunk Enterprise
  - Splunk Enterprise Security
  - Splunk Cloud
  usecase: Security Monitoring