From b350c23b016ddb144e3dc182d86c804b6d4ba11b Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Fri, 26 Sep 2025 16:10:03 -0400 Subject: [PATCH 1/4] Adds AWS Config page in cloud security section --- .../integrations/aws-config-integration.md | 23 +++++++++++++++++++ solutions/toc.yml | 1 + 2 files changed, 24 insertions(+) create mode 100644 solutions/security/cloud/integrations/aws-config-integration.md diff --git a/solutions/security/cloud/integrations/aws-config-integration.md b/solutions/security/cloud/integrations/aws-config-integration.md new file mode 100644 index 0000000000..3ed3a332dc --- /dev/null +++ b/solutions/security/cloud/integrations/aws-config-integration.md @@ -0,0 +1,23 @@ +--- +applies_to: + stack: ga 9.2 + serverless: + security: all +products: + - id: security + - id: cloud-serverless +--- + +# AWS Config + +This page explains how to make data from the AWS Config integration appear in the following places within {{elastic-sec}}: + +- **Findings page**: Data appears on Findings page's [Misconfiguations](/solutions/security/cloud/findings-page.md). +- **Alert and Entity details flyouts**: Data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section). + + +In order for AWS Config data to appear in these workflows: + +* Follow the steps to [set up the AWS Config integration](https://docs.elastic.co/en/integrations/aws/config). +* Make sure the integration version is at least 4.0.0. +* Ensure you have `read` privileges for the following indices: `security_solution-*.misconfiguration_latest`. \ No newline at end of file diff --git a/solutions/toc.yml b/solutions/toc.yml index 7c3c9ad6af..3900792930 100644 --- a/solutions/toc.yml +++ b/solutions/toc.yml 
@@ -680,6 +680,7 @@ toc: - file: security/cloud/integration-qualys.md - file: security/cloud/integration-tenablevm.md - file: security/cloud/integration-rapid7.md + - file: security/cloud/integrations/aws-config-integration.md - file: security/investigate.md children: - file: security/investigate/timeline.md From caf669985bbe4eae304c4eb80815b86d518630ec Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 1 Oct 2025 11:46:23 -0700 Subject: [PATCH 2/4] Update solutions/security/cloud/integrations/aws-config-integration.md --- solutions/security/cloud/integrations/aws-config-integration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/cloud/integrations/aws-config-integration.md b/solutions/security/cloud/integrations/aws-config-integration.md index 3ed3a332dc..b8358fae9c 100644 --- a/solutions/security/cloud/integrations/aws-config-integration.md +++ b/solutions/security/cloud/integrations/aws-config-integration.md @@ -13,7 +13,7 @@ products: This page explains how to make data from the AWS Config integration appear in the following places within {{elastic-sec}}: - **Findings page**: Data appears on Findings page's [Misconfiguations](/solutions/security/cloud/findings-page.md). -- **Alert and Entity details flyouts**: Data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section). +- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details#insights) details flyouts. In order for AWS Config data to appear in these workflows: From 324c3f7489690bd0b55cc918a7a5534f3c7cd14f Mon Sep 17 00:00:00 2001 
From: Benjamin Ironside Goldstein Date: Tue, 7 Oct 2025 11:41:43 -0700 Subject: [PATCH 3/4] bugfix --- solutions/security/cloud/integrations/aws-config-integration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/cloud/integrations/aws-config-integration.md b/solutions/security/cloud/integrations/aws-config-integration.md index b8358fae9c..5cb5e25725 100644 --- a/solutions/security/cloud/integrations/aws-config-integration.md +++ b/solutions/security/cloud/integrations/aws-config-integration.md @@ -13,7 +13,7 @@ products: This page explains how to make data from the AWS Config integration appear in the following places within {{elastic-sec}}: - **Findings page**: Data appears on Findings page's [Misconfiguations](/solutions/security/cloud/findings-page.md). -- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details#insights) details flyouts. +- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. In order for AWS Config data to appear in these workflows: From fddef2bed4d27ba1e18fa25b6aa4f0be409d8214 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Thu, 9 Oct 2025 08:32:45 -0700 Subject: [PATCH 4/4] Update solutions/security/cloud/integrations/aws-config-integration.md Co-authored-by: Mike Birnstiehl <114418652+mdbirnstiehl@users.noreply.github.com> --- solutions/security/cloud/integrations/aws-config-integration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/solutions/security/cloud/integrations/aws-config-integration.md b/solutions/security/cloud/integrations/aws-config-integration.md index 5cb5e25725..212adff71b 100644 --- a/solutions/security/cloud/integrations/aws-config-integration.md +++ b/solutions/security/cloud/integrations/aws-config-integration.md @@ -12,7 +12,7 @@ products: This page explains how to make data from the AWS Config integration appear in the following places within {{elastic-sec}}: -- **Findings page**: Data appears on Findings page's [Misconfiguations](/solutions/security/cloud/findings-page.md). +- **Findings page**: Data appears on the Findings page's [Misconfigurations](/solutions/security/cloud/findings-page.md) tab. - **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
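Review bot: the last prerequisite bullet in the new aws-config-integration.md (PATCH 1/4) says "the following indices" but names a single pattern, `security_solution-*.misconfiguration_latest`; reword it to "the following index pattern", or list the other patterns if more are required. The prerequisites list uses `*` markers while the list above it in the same file uses `-`, and the file ends without a trailing newline (`\ No newline at end of file`); pick one marker and add the newline.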
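Review bot: the toc.yml entry added in PATCH 1/4 points at `security/cloud/integrations/aws-config-integration.md`, while the three entries directly above it follow the pattern `security/cloud/integration-<name>.md` (`integration-qualys.md`, `integration-tenablevm.md`, `integration-rapid7.md`). Either name the new file to match its siblings, or confirm that the new `integrations/` subdirectory is intended and say so in the commit message.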
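Review bot: the Entity link on the `+` line of PATCH 2/4 targets `/solutions/security/advanced-entity-analytics/view-entity-details#insights` with no `.md` before the anchor, unlike the Alert link in the same sentence (`view-detection-alert-details.md#insights-section`); add the extension so both links use the same form. PATCH 3/4 makes exactly that correction, so squashing the two commits would keep the inconsistent link out of the history. The sentence also ends with "details flyouts", which repeats the bold label that opens the bullet and could be trimmed.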
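Review bot: the unchanged context line directly above the edited bullet in PATCH 3/4 still reads "Data appears on Findings page's [Misconfiguations]", with misspelled link text and a missing "the"; since this commit already touches the adjacent line, fix both here. The subject "bugfix" does not say what was wrong; a subject that names the missing `.md` in the Entity details link would make the change findable later.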
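Review bot: the reworded Findings bullet in PATCH 4/4 now names a specific tab, but its link still targets `/solutions/security/cloud/findings-page.md` with no anchor, whereas both links in the next bullet carry one (`#insights-section`, `#insights`). If the Findings page has a heading for the Misconfigurations tab, link to that anchor so the text and the target agree.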