Skip to content

rinaudjaws/iot-device-defender-integration-with-securityhub

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
config
config
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
deploy.sh
deploy.sh
 
 

Repository files navigation

How to import AWS IoT Device Defender audit findings into Security Hub

In this solution, we show how you can import AWS IoT Device Defender audit findings into Security Hub. You can then view and organize Internet of Things (IoT) security findings in Security Hub together with findings from other integrated AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyzer, AWS Systems Manager, and more. You will gain a centralized security view across both enterprise and IoT types of workloads, and have an aggregated view of AWS IoT Device Defender audit findings. This solution can support AWS Accounts managed by AWS Organizations.

You’ll learn how the integration of IoT security findings into Security Hub works. After you deploy the solution, every failed audit check will be recorded as a Security Hub finding. The findings within Security Hub provides an AWS IoT Device Defender finding severity level and direct link to the AWS IoT Device Defender console so that you can take possible remediation actions. If you address the underlying findings or suppress the findings by using the AWS IoT Device Defender console, the solution function will automatically archive any related findings in Security Hub when a new audit occurs.

For more information see AWS Security Blog How to import AWS IoT Device Defender audit findings into Security Hub

Deploying with CLI

  • Create or re-use existing a S3 bucket in your account where you will upload the sources.
  • Set up your AWS credential for AWS CLI, see Configuration basics
  • Execute the deployment script ./deploy.sh s3bucket s3prefix aws-cli-profile aws-region, where
    • s3bucket is where the sources will be uploaded
    • s3prefix is S3 object prefix to use without slash
    • aws-cli-rofile is cli profile, use default if without profile
    • aws-region is the region Example: ./deploy.sh my-test-bucket mypref default eu-west-1

Deploying with LaunchStack button

See AWS Security Blog How to import AWS IoT Device Defender audit findings into Security Hub

Contributing

See CONTRIBUTING for more information.

License

This library is licensed under the MIT-0 License. See the LICENSE file.

About

No description, website, or topics provided.

Resources

Readme

License

MIT-0 license

Code of conduct

Code of conduct
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 71.5%
  • Shell 28.5%