All news with #security hub tag

Automating Security Hub Exceptions with Business Context

🔒 This post describes an automated approach to validate and document exceptions to AWS Security Hub findings, enabling security teams to enforce governance while developers request and implement compensating controls. The solution leverages EventBridge, SQS, Lambda, and DynamoDB to validate controls, collect evidence, and maintain an immutable audit trail. It preserves segregation of duties, supports multiple validation types, and includes deployment scripts and CloudFormation templates. The authors emphasize the reference architecture is a starting point and must be reviewed and adapted before production use.

AWS Security Incident Response: Accelerating IR Lifecycle

🛡️ AWS Security Incident Response is a Tier 1, AWS-native service launched in December 2024 to accelerate detection, triage, and containment of security incidents. It integrates with Amazon GuardDuty, AWS Security Hub, and AWS Systems Manager, supports partner integrations, and enables escalation to AWS CIRT. The service centralizes findings, automates monitoring and intelligent triage to reduce false positives, and offers prebuilt containment playbooks and APIs to compress MTTR and coordinate cross-account response.