Ensure that AWS Security Hub security standards, enabled within your AWS account(s), are reviewed in order to decide whether or not these standards should be considered unwanted and disabled.
Note 1: You can easily enable and disable configuration changes that you would like to monitor for this rule on Cloud Conformity console based on your requirements.This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine has detected configuration changes made at the Security Hub service level, within your AWS account.
Security Hub is the AWS service that collects, organizes and prioritizes security findings (i.e. potential security risks) from supported AWS and third-party services, as well as generating its own findings as the result of running continuous configuration checks against the conformity rules supported by the industry best practices such as CIS AWS Foundations Benchmark – a set of security configuration best practices for AWS cloud. The Security Hub service aggregates findings from native AWS services enabled in your account(s), such as vulnerability scans from AWS Inspector service, intrusion detection findings from AWS GuardDuty and sensitive data identification findings from Amazon Macie. The main purpose of Amazon Security Hub is to help you obtain and view the overall security and compliance status of your AWS cloud environment in one place. As a security best practice, you need to be aware of all configuration changes made at the AWS Security Hub level, changes such as disabling the service, enabling/disabling security standards, creating/deleting insights and so on. The activity detected by this Cloud Conformity RTMA rule could be any root/IAM user request initiated through AWS Management Console or any AWS API request initiated programmatically using AWS CLI or SDKs, that triggers any of the Amazon Security Hub service actions listed below:
Remediation / Resolution
The detailed visibility that you gain into your cloud environment activity is a key aspect of security and operational best practices. Using Cloud Conformity RTMA to detect Amazon Security Hub configuration changes, can help you prevent any accidental or intentional modifications that may lead to security breaches or unauthorized access to AWS resources and services. With Amazon Security Hub you continuously monitor your AWS accounts using automated compliance checks based on industry best practices or security standards that your organization follows closely, therefore detecting any configuration change made at the Security Hub service level is essential for keeping your AWS cloud environment secure.