Security Hub
The Data Landing Zone integrates with Security Hub, utilizing the setup provided by Control Tower to enable Security Hub in all regions of all accounts. Security Hub should be accessed through the Audit Account in the Security OU.
Security Hub notifications are delivered via Amazon SNS, with support for the following methods:
- Email: Each email address must confirm the notification opt-in the first time it is deployed.
- Slack: Notifications are sent to a designated Slack channel. The Slack workspace must be linked to the Management Account. For setup details, see the SOP AWS Chatbot and Slack Integration.
Below is an example of creating filters for findings based on their severity and workflow status. Notifications for medium, high, and critical severity findings marked as “new” are sent to the `security-hub-high` Slack channel. A separate filter for resolved and suppressed findings sends notifications to the `security-hub-resolved` Slack channel.
Using separate Slack channels helps manage the volume of notifications. Users interested in new findings can focus on the `security-hub-high` channel, while others tracking resolved findings can monitor the `security-hub-resolved` channel. This allows users to mute or unsubscribe from the channel they are not interested in.
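The two filters described above, as an added sketch that is not the Data Landing Zone's own code or configuration API: it expresses each filter as an EventBridge event pattern for Security Hub finding events and checks which channel a finding would reach. The `NotificationFilter` shape, the use of EventBridge as the trigger, the resolved filter matching any severity, and the sample findings are assumptions made for this example.

```typescript
// Severity labels and workflow statuses as defined by the AWS Security Finding Format.
type Severity = 'INFORMATIONAL' | 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
type WorkflowStatus = 'NEW' | 'NOTIFIED' | 'RESOLVED' | 'SUPPRESSED';

interface Finding {
  Title: string;
  Severity: { Label: Severity };
  Workflow: { Status: WorkflowStatus };
}

// Hypothetical filter shape for this example; not the Data Landing Zone API.
interface NotificationFilter {
  channel: string;
  severities?: Severity[]; // omitted means any severity (assumption)
  workflowStatuses: WorkflowStatus[];
}

const filters: NotificationFilter[] = [
  { channel: 'security-hub-high', severities: ['MEDIUM', 'HIGH', 'CRITICAL'], workflowStatuses: ['NEW'] },
  { channel: 'security-hub-resolved', workflowStatuses: ['RESOLVED', 'SUPPRESSED'] },
];

// EventBridge pattern matching "Security Hub Findings - Imported" events for one filter.
function toEventPattern(f: NotificationFilter): object {
  const findings: { [key: string]: object } = { Workflow: { Status: f.workflowStatuses } };
  if (f.severities) findings['Severity'] = { Label: f.severities };
  return {
    source: ['aws.securityhub'],
    'detail-type': ['Security Hub Findings - Imported'],
    detail: { findings },
  };
}

// Channels a finding is routed to; an empty result means nobody is notified.
function channelsFor(finding: Finding, rules: NotificationFilter[] = filters): string[] {
  return rules
    .filter((r) => r.workflowStatuses.indexOf(finding.Workflow.Status) !== -1
      && (r.severities === undefined || r.severities.indexOf(finding.Severity.Label) !== -1))
    .map((r) => r.channel);
}

// Constructed sample findings.
const samples: Finding[] = [
  { Title: 'Root account without MFA', Severity: { Label: 'CRITICAL' }, Workflow: { Status: 'NEW' } },
  { Title: 'S3 bucket without access logging', Severity: { Label: 'LOW' }, Workflow: { Status: 'NEW' } },
  { Title: 'Security group open to the internet', Severity: { Label: 'HIGH' }, Workflow: { Status: 'RESOLVED' } },
];
const routed: string[][] = samples.map((s) => channelsFor(s));
```

The second sample shows the gap these filters leave: a low severity finding in the "new" state matches neither rule, so it is only visible in the Security Hub console.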