Optimal Way To Collate Multiple Acct/Role --> Security Pane-of-Glass

0

I see several different ways to get a single pane-of-glass for AWS services but am not getting clarity on what is the optimal/simplest solution. We need to pipe event/log data into a SIEM (not in AWS) - what is the best way to get data from those into one place?

2 Answers
1

Hello, if you are looking for 'Security Events' from services such as GuardDuty, Inspector and Config these are regionally aggregated into Security Hub. Each Security Hub finding generates an Event in EventHub and you can use an Event Rule to trigger further processing of these events.

  1. Use the Event rule to deliver the event message to an SNS Topic and subscribe a Lambda function to process the Event and forward it to a REST API for consumption by an external SIEM.
  2. Use the event rule to deliver the event to a Kinesis Firehose, use Lambda to mutate the event into a common log format (maybe ECS format) and deliver the mutated event to an S3 bucket which could be collected by an external process.

(Diagram: Security Hub event rule processing)

If this doesn't meet your use case, please provide some more context that could help inform a solution to help you deliver what you need.

Best of luck

Answered 2 years ago
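Option 2 from the answer above, as an added example that is not part of the original answer or AWS's own code: a Firehose data-transformation Lambda that turns Security Hub finding events into newline-delimited JSON with a small ECS-style field subset. The field mapping, the numeric severity scale and the sample event are assumptions constructed for illustration.

```python
import base64
import json

# Assumed label-to-number scale for ECS event.severity (this example's choice).
SEVERITY = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def finding_to_ecs(finding):
    """Map one ASFF finding to a small, illustrative subset of ECS fields."""
    label = finding.get("Severity", {}).get("Label", "INFORMATIONAL")
    return {
        "@timestamp": finding.get("UpdatedAt"),
        "event": {"kind": "alert", "id": finding.get("Id"),
                  "severity": SEVERITY.get(label, 0)},
        "cloud": {"provider": "aws", "region": finding.get("Region"),
                  "account": {"id": finding.get("AwsAccountId")}},
        "message": finding.get("Title"),
    }

def lambda_handler(event, context):
    """Firehose transformation: return exactly one record per input recordId."""
    out = []
    for rec in event["records"]:
        try:
            envelope = json.loads(base64.b64decode(rec["data"]))
            findings = envelope["detail"]["findings"]
            # One event can carry several findings: emit newline-delimited JSON.
            ndjson = "".join(json.dumps(finding_to_ecs(f)) + "\n" for f in findings)
        except (ValueError, KeyError, TypeError, AttributeError):
            # Not a parseable finding event: mark it failed, return the bytes unchanged.
            out.append({"recordId": rec["recordId"], "result": "ProcessingFailed",
                        "data": rec["data"]})
            continue
        out.append({"recordId": rec["recordId"], "result": "Ok",
                    "data": base64.b64encode(ndjson.encode()).decode()})
    return {"records": out}

# Constructed sample: one event with two findings, plus one malformed record.
SAMPLE_ENVELOPE = {"detail-type": "Security Hub Findings - Imported", "detail": {"findings": [
    {"Id": "example-finding-1", "AwsAccountId": "111122223333", "Region": "eu-west-1",
     "Title": "Constructed finding A", "UpdatedAt": "2024-01-01T00:00:00Z",
     "Severity": {"Label": "HIGH"}},
    {"Id": "example-finding-2", "AwsAccountId": "111122223333", "Region": "eu-west-1",
     "Title": "Constructed finding B", "UpdatedAt": "2024-01-01T00:05:00Z",
     "Severity": {"Label": "LOW"}},
]}}
SAMPLE_EVENT = {"records": [
    {"recordId": "r1", "data": base64.b64encode(json.dumps(SAMPLE_ENVELOPE).encode()).decode()},
    {"recordId": "r2", "data": base64.b64encode(b"not json").decode()},
]}
```

Records marked `ProcessingFailed` are not silently lost; Firehose writes them to its error output prefix in the destination bucket, which is worth monitoring so that dropped findings do not go unnoticed by the SIEM.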
0

Expanding a bit on Rich's response - AWS Security Hub can aggregate security findings from a number of AWS security services and from select AWS partner security solutions. This includes both cross region and cross account aggregation. Security Hub can also help you monitor your security posture by scoring your environment against one or more of the following security standards: AWS Foundational Security Best Practices v1.0.0, CIS AWS Foundations Benchmark v1.2.0, PCI DSS v3.2.1.

If you need a full-fledged SIEM, Security Hub has built-in integrations that allow you to export findings to a number of AWS partners including Splunk, Sumo Logic, QRadar, and more.

https://aws.amazon.com/security-hub/

AWS
MattZ
Answered 2 years ago
