A configuration package to enable AWS Security Hub in an AWS account including service prerequisites and notification. AWS Security Hub turns on CIS AWS Foundations Compliance Standards by default.

Configuration to enable AWS Security Hub in an AWS Account, with option to configure security standards such as CIS Foundation Benchmarks.

This template creates an AWS Security Hub automation rule with the specified criteria and actions. The automation rule is used to automatically respond to security findings based on the defined criteria. The example includes all available fields for criteria and actions.

This template creates an AWS Security Hub resource. It enables the default standards and turns on consolidated control findings.

This template creates an AWS Security Hub resource with the specified tags. It disables the default standards and turns off consolidated control findings.

This template creates an AWS SecurityHub Standard resource and enables the AWS Foundational Security Best Practices (FSBP) standard with all controls enabled. The `StandardsArn` property is set to the ARN of the FSBP standard. The template also includes an output `StandardsSubscriptionArn` that references the created Standard resource.

This template creates an AWS SecurityHub Standard resource and enables the FSBP standard. The `StandardsArn` property is set to the ARN of the FSBP standard. The template also includes a `DisabledStandardsControls` property that specifies the controls to be disabled in the standard. The controls are specified using their ARNs and a reason for disabling them. The template also includes an output `StandardsSubscriptionArn` that references the created Standard resource.

Creates a custom action in AWS Security Hub to send selected findings to a chat system.

This Terraform template elevates the severity of findings to CRITICAL for specific AWS resources, such as an S3 bucket, when they are at risk.

Configures Security Hub with default standards enabled across all regions.

Configures Security Hub with a disabled policy example.

This template enables the Security Hub finding aggregator for all regions except the ones specified.

Creates a Security Hub custom insight to filter findings by specific AWS account IDs.

Creates a Security Hub custom insight to filter findings based on a date range of the last 5 days.

Creates a Security Hub custom insight to filter findings by a specific network destination IPv4 address range.

Creates a Security Hub custom insight to filter findings by a minimum confidence level of 80.

Creates a Security Hub custom insight to filter findings based on specific resource tags, targeting resources tagged as 'Production'.

This template sets up the necessary resources to accept an invitation to AWS Security Hub from a master account.

Configures an AWS Security Hub administrator account within an AWS Organizations setup, enabling Security Hub automatically for all member accounts.

Subscribes to a Security Hub product using a specific product ARN within the current AWS region.

This template subscribes to the CIS AWS Foundations Benchmark and PCI DSS standards in AWS Security Hub.

This template elevates the severity of findings to CRITICAL for specific AWS resources, such as an S3 bucket, when they are at risk.

A CloudWatch Event Rule that triggers on AWS Security Hub findings. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

A config rule that checks that AWS Security Hub is enabled for an AWS account. The rule is NON_COMPLIANT if Security Hub is not enabled.

This SCP prevents users or roles in any affected account from disabling AWS Security Hub, deleting member accounts or disassociating an account from a master Security Hub account.