diff --git a/redirects.yml b/redirects.yml
index 76a9b60026..b9cf8ad235 100644
--- a/redirects.yml
+++ b/redirects.yml
@@ -563,7 +563,7 @@ redirects:
 'solutions/security/cloud/integration-tenablevm.md': 'solutions/security/integrations/tenablevm.md'
 'solutions/security/cloud/integration-rapid7.md': 'solutions/security/integrations/rapid7.md'
 'solutions/security/cloud/integration-qualys.md': 'solutions/security/integrations/qualys.md'
- 'solutions/security/cloud/ingest-aws-security-hub-data.md': 'solutions/security/integrations/aws-security-hub.md'
+ 'solutions/security/cloud/ingest-aws-security-hub-data.md': 'solutions/security/integrations/aws-security-hub-cspm.md'
 'solutions/security/cloud/aws-config-integration.md': 'solutions/security/integrations/aws-config.md'
 
 # Deduplicate canvas function reference
@@ -634,7 +634,7 @@ redirects:
 # Related to https://github.com/elastic/docs-content/issues/2662
 'solutions/security/cloud/integrations/aws-config.md': 'solutions/security/integrations/aws-config.md'
 'solutions/security/cloud/integrations/aws-inspector.md': 'solutions/security/integrations/aws-inspector.md'
- 'solutions/security/cloud/integrations/aws-security-hub.md': 'solutions/security/integrations/aws-security-hub.md'
+ 'solutions/security/cloud/integrations/aws-security-hub.md': 'solutions/security/integrations/aws-security-hub-cspm.md'
 'solutions/security/cloud/integrations/cncf-falco.md': 'solutions/security/integrations/cncf-falco.md'
 'solutions/security/cloud/integrations/google-security-command-center.md': 'solutions/security/integrations/google-security-command-center.md'
 'solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md': 'solutions/security/integrations/ingest-third-party-security-data.md'
@@ -648,6 +648,10 @@ redirects:
 
 # Move CCS feature docs to explore-analyze
 'solutions/search/cross-cluster-search.md': 'explore-analyze/cross-cluster-search.md'
+ 'solutions/search/cross-cluster-search/using-resolve-cluster-endpoint-before-cross-cluster-search.md': 'explore-analyze/cross-cluster-search/using-resolve-cluster-endpoint-before-cross-cluster-search.md'
+
+ # Rename AWS Security Hub integration's name to AWS Security Hub CSPM
+ 'solutions/security/integrations/aws-security-hub.md': 'solutions/security/integrations/aws-security-hub-cspm.md'
 'solutions/search/using-resolve-cluster-endpoint-before-cross-cluster-search.md': 'explore-analyze/cross-cluster-search/using-resolve-cluster-endpoint-before-cross-cluster-search.md'
 
 # Related to https://github.com/elastic/docs-content/pull/4438
@@ -697,4 +701,4 @@ redirects:
 
 # Related to https://github.com/elastic/docs-content/pull/5033
 'solutions/observability/observability-ai-assistant.md': 'solutions/observability/ai/observability-ai-assistant.md'
- 'solutions/observability/llm-performance-matrix.md': 'solutions/observability/ai/llm-performance-matrix.md'
\ No newline at end of file
+ 'solutions/observability/llm-performance-matrix.md': 'solutions/observability/ai/llm-performance-matrix.md'
diff --git a/solutions/security/integrations/aws-sec-hub.md b/solutions/security/integrations/aws-sec-hub.md
new file mode 100644
index 0000000000..dbadcdb6ca
--- /dev/null
+++ b/solutions/security/integrations/aws-sec-hub.md
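Review bot: The two added lines under `# Rename AWS Security Hub integration's name to AWS Security Hub CSPM` are inserted between the two cross-cluster-search redirects, so the trailing `'solutions/search/using-resolve-cluster-endpoint-before-cross-cluster-search.md'` entry is cut off from its `# Move CCS feature docs to explore-analyze` comment. Move the comment and its redirect below that entry, immediately before `# Related to https://github.com/elastic/docs-content/pull/4438`, so each commented group stays contiguous. The added `solutions/search/cross-cluster-search/using-resolve-cluster-endpoint-before-cross-cluster-search.md` redirect appears unrelated to the Security Hub rename and would be clearer under the CCS comment or in its own change. Since this diff also adds a new page titled `AWS Security Hub` at `aws-sec-hub.md`, a short comment next to the new redirect such as `# old "AWS Security Hub" page content now lives on the CSPM page` would stop a future maintainer from re-pointing `aws-security-hub.md` at the new vulnerability page.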
@@ -0,0 +1,24 @@
+---
+applies_to:
+ stack: ga 9.3+
+ serverless:
+ security: ga
+products:
+ - id: security
+ - id: cloud-serverless
+---
+
+# AWS Security Hub
+This integration uses the AWS Security Hub API to ingest vulnerability findings which appear in Elastic’s native vulnerability workflows. This page explains how to make data from the AWS Security Hub integration appear in the following places within {{elastic-sec}}:
+
+- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page.md) tab.
+- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section).
+
+In order for AWS Security Hub data to appear in these workflows:
+
+* Follow the steps to [set up the AWS Security Hub integration](https://www.elastic.co/docs/reference/integrations/aws_securityhub).
+* Ensure you have `read` privileges for the `security_solution-*.vulnerability_latest` index.
+
+::::{note}
+You can ingest data from the AWS Security Hub integration for other purposes without following these steps.
+::::
diff --git a/solutions/security/integrations/aws-security-hub-cspm.md b/solutions/security/integrations/aws-security-hub-cspm.md
new file mode 100644
index 0000000000..fae24728fa
--- /dev/null
+++ b/solutions/security/integrations/aws-security-hub-cspm.md
@@ -0,0 +1,33 @@
+---
+mapped_pages:
+ - https://www.elastic.co/guide/en/security/current/ingest-aws-securityhub-data.html
+ - https://www.elastic.co/guide/en/serverless/current/ingest-aws-securityhub-data.html
+applies_to:
+ stack: all
+ serverless:
+ security: all
+products:
+ - id: security
+ - id: cloud-serverless
+---
+
+# AWS Security Hub CSPM
+This page explains how to make data from the AWS Security Hub CSPM integration appear in the following places within {{elastic-sec}}:
+
+- **Findings page**: Data appears on the [Misconfigurations](/solutions/security/cloud/findings-page.md) tab.
+- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section).
+
+In order for AWS Security Hub CSPM data to appear in these workflows:
+
+* Follow the steps to [set up the AWS Security Hub CSPM integration](https://docs.elastic.co/en/integrations/aws/securityhub).
+* Make sure the integration version is at least 2.31.1.
+* Ensure you have `read` privileges for the `security_solution-*.misconfiguration_latest` index.
+* While configuring the AWS Security Hub CSPM integration, turn on **Collect AWS Security Hub CSPM Findings from AWS**. We recommend you also set the **Initial Interval** value to `2160h` (equivalent to 90 days) to ingest existing logs.
+
+:::{image} /solutions/images/security-aws-config-finding-logs.png
+:alt: AWS Security Hub CSPM integration settings showing the findings toggle
+:::
+
+::::{note}
+You can ingest data from the AWS Security Hub CSPM integration for other purposes without following these steps.
+::::
diff --git a/solutions/security/integrations/aws-security-hub.md b/solutions/security/integrations/aws-security-hub.md
deleted file mode 100644
index 0f33ce9103..0000000000
--- a/solutions/security/integrations/aws-security-hub.md
+++ /dev/null
@@ -1,33 +0,0 @@
----
-mapped_pages:
- - https://www.elastic.co/guide/en/security/current/ingest-aws-securityhub-data.html
- - https://www.elastic.co/guide/en/serverless/current/ingest-aws-securityhub-data.html
-applies_to:
- stack: all
- serverless:
- security: all
-products:
- - id: security
- - id: cloud-serverless
----
-
-# AWS Security Hub
-This page explains how to make data from the AWS Security Hub integration appear in the following places within {{elastic-sec}}:
-
-- **Findings page**: Data appears on the [Misconfigurations](/solutions/security/cloud/findings-page.md) tab.
-- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section).
-
-In order for AWS Security Hub data to appear in these workflows:
-
-* Follow the steps to [set up the AWS Security Hub integration](https://docs.elastic.co/en/integrations/aws/securityhub).
-* Make sure the integration version is at least 2.31.1.
-* Ensure you have `read` privileges for the `security_solution-*.misconfiguration_latest` index.
-* While configuring the AWS Security Hub integration, turn on **Collect AWS Security Hub Findings from AWS**. We recommend you also set the **Initial Interval** value to `2160h` (equivalent to 90 days) to ingest existing logs.
-
-:::{image} /solutions/images/security-aws-config-finding-logs.png
-:alt: AWS Security Hub integration settings showing the findings toggle
-:::
-
-::::{note}
-You can ingest data from the AWS Security Hub integration for other purposes without following these steps.
-::::
diff --git a/solutions/security/integrations/ingest-third-party-security-data.md b/solutions/security/integrations/ingest-third-party-security-data.md
index d6eac3f3ff..fd3c3e9a98 100644
--- a/solutions/security/integrations/ingest-third-party-security-data.md
+++ b/solutions/security/integrations/ingest-third-party-security-data.md
@@ -43,7 +43,8 @@ Data from the following integrations can feed into your {{elastic-sec}} workflow
 
 * [AWS Config](/solutions/security/integrations/aws-config.md)
 * [AWS Inspector](/solutions/security/integrations/aws-inspector.md)
-* [AWS Security Hub](/solutions/security/integrations/aws-security-hub.md)
+* [AWS Security Hub](/solutions/security/integrations/aws-sec-hub.md)
+* [AWS Security Hub CSPM](/solutions/security/integrations/aws-security-hub-cspm.md)
 * [Google Security Command Center](/solutions/security/integrations/google-security-command-center.md)
 * [Microsoft Defender for Cloud](/solutions/security/integrations/microsoft-defender-for-cloud.md)
 * [Microsoft Defender for Endpoint](/solutions/security/integrations/microsoft-defender-for-endpoint.md)
diff --git a/solutions/toc.yml b/solutions/toc.yml
index c7f2a7c5c2..e009c9f013 100644
--- a/solutions/toc.yml
+++ b/solutions/toc.yml
@@ -688,7 +688,8 @@ toc:
 children:
 - file: security/integrations/aws-config.md
 - file: security/integrations/aws-inspector.md
- - file: security/integrations/aws-security-hub.md
+ - file: security/integrations/aws-sec-hub.md
+ - file: security/integrations/aws-security-hub-cspm.md
 - file: security/integrations/cncf-falco.md
 - file: security/integrations/google-security-command-center.md
 - file: security/integrations/microsoft-defender-for-cloud.md
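Review bot: The new entry `- file: security/integrations/aws-sec-hub.md` abbreviates the product name while its sibling is `aws-security-hub-cspm.md` and every other file in this list spells the name out (`aws-inspector.md`, `google-security-command-center.md`, `microsoft-defender-for-cloud.md`); the short form looks like a workaround for `aws-security-hub.md` now being redirected to the CSPM page elsewhere in this diff. A name that follows the sibling convention and says what the page covers, e.g. `- file: security/integrations/aws-security-hub-vulnerabilities.md`, would keep the URL self-describing and avoid a second rename and redirect later. The same path is linked from the `ingest-third-party-security-data.md` hunk above and the new file header in this diff, so all three would need to change together.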