Hello,
Yes, Security Hub supports resource-level suppression. There are a few ways to suppress findings at the resource level:
- You can manually suppress findings for specific resources from the Security Hub console or API. This prevents those findings from being included in your results.
- Security Hub supports automation rules that can suppress findings based on custom criteria, such as specific resource IDs or types. Automation rules run automatically to keep your findings optimized.
For controls that involve global resources like IAM or S3 buckets, you can suppress findings by disabling the control in all regions except one, or by configuring AWS Config to not record global resources outside your chosen region.
Some key points about resource-level suppression in Security Hub:
- It helps reduce noise and cost by not processing irrelevant findings.
- Suppressed findings are still visible in the Security Hub console but marked as suppressed.
- You have control over what exactly is suppressed based on your environment and policies.
Sources:
- [1] Security Hub controls that you might want to disable - AWS Security Hub
- [2] How AWS Security Hub works with IAM - AWS Security Hub
- [3] Disabling Security Hub - AWS Security Hub
- [4] AWS Security Blog - How to create auto-suppression rules in AWS Security Hub - https://aws.amazon.com/blogs/security/how-to-create-auto-suppression-rules-in-aws-security-hub/
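The API route mentioned in the answer above can be scripted with boto3's `batch_update_findings`. This is an added example, not part of the original answer or AWS's own code; the function names, the exceptions map, the bucket ARN and the sample findings are constructed for illustration.

```python
BATCH_LIMIT = 100  # BatchUpdateFindings takes at most 100 finding identifiers per call

def select_findings(findings, exceptions):
    """Pick active findings whose resources are all accepted exceptions for the control."""
    selected = []
    for f in findings:
        if f.get("Workflow", {}).get("Status") == "SUPPRESSED":
            continue  # already suppressed, nothing to do
        control = f.get("Compliance", {}).get("SecurityControlId")
        allowed = exceptions.get(control, set())
        resources = [r["Id"] for r in f.get("Resources", [])]
        # Suppress only when every resource on the finding is an accepted exception
        if resources and all(r in allowed for r in resources):
            selected.append(f)
    return selected

def build_requests(findings, reason, updated_by="suppression-script"):
    """Build BatchUpdateFindings keyword arguments, split into batches of 100."""
    ids = [{"Id": f["Id"], "ProductArn": f["ProductArn"]} for f in findings]
    return [{"FindingIdentifiers": ids[i:i + BATCH_LIMIT],
             "Workflow": {"Status": "SUPPRESSED"},
             "Note": {"Text": reason, "UpdatedBy": updated_by}}
            for i in range(0, len(ids), BATCH_LIMIT)]

def apply_requests(requests, region):
    """Send the requests; returns the findings Security Hub could not update."""
    import boto3  # imported here so the selection logic runs without AWS access
    client = boto3.client("securityhub", region_name=region)
    unprocessed = []
    for req in requests:
        resp = client.batch_update_findings(**req)
        unprocessed += resp.get("UnprocessedFindings", [])
    return unprocessed

# Constructed sample data (ASFF fields reduced to the ones used above)
PRODUCT = "arn:aws:securityhub:us-east-1::product/aws/securityhub"
SITE = "arn:aws:s3:::example-public-assets"

def make_finding(fid, control, resource, status="NEW"):
    return {"Id": fid, "ProductArn": PRODUCT, "Workflow": {"Status": status},
            "Compliance": {"SecurityControlId": control}, "Resources": [{"Id": resource}]}

SAMPLE = [make_finding("finding-1", "S3.8", SITE),
          make_finding("finding-2", "S3.8", "arn:aws:s3:::example-internal"),
          make_finding("finding-3", "S3.5", SITE),
          make_finding("finding-4", "S3.8", SITE, status="SUPPRESSED")]
EXCEPTIONS = {"S3.8": {SITE}}  # control ID -> resources accepted as exceptions

if __name__ == "__main__":
    for req in build_requests(select_findings(SAMPLE, EXCEPTIONS), "Accepted: public site bucket"):
        print(req)
```

`apply_requests` needs credentials allowed to call `securityhub:BatchUpdateFindings`; review the printed requests before sending them.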