AWS Security Hub

Antivirus for Amazon S3 and Data Classification for Amazon S3 both support AWS Security Hub.

You can enable Security Hub in the Console Settings page. Read on here for more information on implementing it.

AWS Security Hub provides a consolidated view of your security status in AWS. Automate security checks, manage security findings, and identify the highest priority security issues across your AWS environment. We have integrated with AWS Security Hub to allow your Amazon S3 object findings (infected files and data matching classified data patterns) to be posted to this central location. Any infected or matching files found within your Amazon S3 storage can be shown and managed alongside the rest of the findings coming from all other aspects of your infrastructure.

It is very simple to start sending infected or matching scan results to AWS Security Hub. Simply toggle the switch on (it turns purple and the text changes from Disabled to Enabled) and we will activate Accept Findings inside of AWS Security Hub and immediately start sending findings. You do not have to manually accept the findings service inside the AWS Console, although you can. If you do happen to accept the service beforehand, you will still need to enable the toggle inside the management console.

Example Finding within AWS Security Hub Console

Integration as seen inside the AWS Security Hub Console

We expect AWS Security Hub to be subscribed to in the region the console is running within.

Any incident found, no matter the region, will be posted to the console region's AWS Security Hub. Contact Us if you'd like the findings written out to the region they were found in.

Flipping the toggle to Enabled when AWS Security Hub is not subscribed to will produce an error.

If you Stop Accepting Findings for our solution inside the AWS Security Hub console, but do not also disable it in the Console Settings page, we will continue to try to send events and errors will be sent to logs.
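A pre-flight check for the two failure cases described above: Security Hub not subscribed in the console's region, and findings no longer accepted for the integration while the toggle is still on. This is an added example, not the vendor's code; it assumes boto3 with AWS credentials, and `PRODUCT_SUFFIX` is a placeholder because this page does not give the integration's product identifier.

```python
"""Pre-flight check for the Security Hub toggle (added example, not vendor code)."""

# Placeholder: this page does not give the integration's product identifier.
# Replace with the "<company>/<product>" suffix Security Hub shows for it.
PRODUCT_SUFFIX = "example-company/example-product"


def error_code(exc):
    """Return the AWS error code carried by a botocore ClientError, else None."""
    return getattr(exc, "response", {}).get("Error", {}).get("Code")


def preflight(client, product_suffix=PRODUCT_SUFFIX):
    """Classify the Security Hub state in the client's region.

    Returns one of:
      "hub-not-subscribed"    - enabling the toggle will fail with an error
      "product-not-accepting" - hub is on, findings not accepted for the integration
      "ready"                 - hub is on and the integration is accepted
    """
    try:
        client.describe_hub()
    except Exception as exc:
        if error_code(exc) in ("InvalidAccessException", "ResourceNotFoundException"):
            return "hub-not-subscribed"
        raise  # e.g. missing IAM permissions: surface it, do not guess

    token = None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = client.list_enabled_products_for_import(**kwargs)
        for arn in page.get("ProductSubscriptions", []):
            # arn:aws:securityhub:<region>:<account>:product-subscription/<company>/<product>
            if arn.split(":product-subscription/", 1)[-1] == product_suffix:
                return "ready"
        token = page.get("NextToken")
        if not token:
            return "product-not-accepting"


if __name__ == "__main__":
    import sys
    import boto3  # needs AWS credentials; pass the region the console runs in

    region = sys.argv[1]
    print(region, preflight(boto3.client("securityhub", region_name=region)))
```

Before the toggle is first enabled, `product-not-accepting` is expected, since enabling the toggle activates Accept Findings. After that, it indicates the state in which sends fail and errors go to the logs.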
