Did you check the Findings page for the changed resource? If you just check the percentage, maybe your change is too small compared with the overall infrastructure, and the percentage does not change even if Security Hub detected the new resource change.
The security score you see in the Security standards dashboard is the cloud security posture score. It is the percentage of passed compliance controls over enabled controls. If all the checks for the control are fixed and there are no failed checks for the control when the score is computed, then the score will change. Go to the control and see whether there are any failed checks. Make sure there are no failed checks. The score is computed once every 24 hours. If you mitigated a finding that is from a threat detection service such as GuardDuty, the security score in the Security Hub summary screen will not change.
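The scoring rule described in the answer above, as an added example that is not part of any answer on this page and is not AWS code. It is a simplified model (passed controls over controls that have checks), and the finding records, resource names and the `mark_passed` helper are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample findings in a reduced ASFF-like shape (not real account data).
FINDINGS = [
    {"Product": "Security Hub", "Resource": "bucket-a",
     "Compliance": {"SecurityControlId": "S3.1", "Status": "FAILED"}},
    {"Product": "Security Hub", "Resource": "bucket-b",
     "Compliance": {"SecurityControlId": "S3.1", "Status": "FAILED"}},
    {"Product": "Security Hub", "Resource": "trail-1",
     "Compliance": {"SecurityControlId": "CloudTrail.1", "Status": "PASSED"}},
    {"Product": "Security Hub", "Resource": "sg-1",
     "Compliance": {"SecurityControlId": "EC2.2", "Status": "FAILED"}},
    # Threat-detection finding: it carries no compliance check at all.
    {"Product": "GuardDuty", "Resource": "i-0abc"},
]

def failed_checks_by_control(findings):
    """Map each control ID to the resources whose check is still FAILED."""
    failed = defaultdict(list)
    for finding in findings:
        compliance = finding.get("Compliance")
        if compliance is None:
            continue  # not a control check, so it cannot affect the score
        control = compliance["SecurityControlId"]
        failed[control]  # touch the key so clean controls are still counted
        if compliance["Status"] == "FAILED":
            failed[control].append(finding["Resource"])
    return dict(failed)

def security_score(findings):
    """Percentage of controls with no failed check (simplified model)."""
    controls = failed_checks_by_control(findings)
    if not controls:
        return None
    passed = sum(1 for resources in controls.values() if not resources)
    return round(100 * passed / len(controls))

def mark_passed(findings, resource):
    """Hypothetical helper: copy of findings with one resource's checks PASSED."""
    out = []
    for f in findings:
        if f["Resource"] == resource and "Compliance" in f:
            f = {**f, "Compliance": {**f["Compliance"], "Status": "PASSED"}}
        out.append(f)
    return out

if __name__ == "__main__":
    print(security_score(FINDINGS), failed_checks_by_control(FINDINGS))
```

Fixing `bucket-a` alone leaves the score where it was, because `S3.1` still has a failed check on `bucket-b`; the score moves only once every check for that control passes.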
Hi,
If the Security Hub score has not been updated after 24 hours, even after making changes to your resources, there could be a few reasons for this delay. Here are some steps you can take to troubleshoot and resolve the issue:
- Check the Security Hub Findings
  - Go to the Security Hub console and navigate to the "Findings" section.
  - Check if there are any new findings related to the changes you made to your resources. You may have to refresh your browser to ensure it is loading the latest results.
  - Security Hub updates the score based on the findings, so if there are no new findings, the score may not have changed.
- Verify AWS Config Integration
  - Security Hub integrates with AWS Config to receive resource configuration changes.
  - Ensure that AWS Config is enabled in the regions where you made the resource changes.
  - Check the AWS Config console for any failed deliveries or recording errors related to the resources you changed.
- Check Security Hub status
  - Navigate to the "Settings" section in the Security Hub console and check if "AWS Security Hub Status" is enabled.
  - If it's disabled, enable it, and Security Hub should pick up the changes and update the findings and score accordingly.
- Verify Security Standards
  - Security Hub calculates the score based on the enabled security standards (e.g., CIS AWS Foundations, AWS Foundational Security Best Practices, etc.).
  - Check if the security standards related to the resources you changed are enabled in Security Hub.
  - If they are not enabled, enable them, and Security Hub should start evaluating those resources and update the score.
- Check CloudWatch Logs
  - Security Hub and AWS Config both integrate with CloudWatch Logs.
  - Check the CloudWatch Logs for any errors or failures related to Security Hub or AWS Config in the respective log groups (/aws/securityhub/ and /aws/config/).
- Contact AWS Support
  - If you have checked all the above steps and the issue persists, you can open a case with AWS Support for further assistance.
  - Provide them with the relevant details, such as the resources you changed, the regions, and any error messages you encountered.
It's worth noting that Security Hub may take some time to process and reflect the changes, depending on the number of resources and the complexity of the security standards being evaluated. However, if the score has not been updated after 24 hours, there might be an underlying issue that needs to be addressed.
Here are some relevant AWS documentation links for reference:
- Security Hub Findings
- AWS Config Integration with Security Hub
- Security Hub Automate Response
- Security Hub Security Standards
- CloudWatch Logs for Security Hub
- [CloudWatch Logs for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/monitor-config-with-cloudwatchlogs.html)
Hope it'll help.

Please accept the answer if it was useful for you