How do I use Security Hub CSPM to check Firewall Manager security group policy findings?

2 minute read

I want to use AWS Security Hub CSPM to check my AWS Firewall Manager security group policy findings.

Short description

Firewall Manager creates findings for resources that are out of compliance and for detected attacks and then sends the findings to Security Hub CSPM. Firewall Manager is integrated with Security Hub CSPM to receive security group policy findings including, common policies, content audit policies, and group usage audit policies.

Note: If you already use Firewall Manager, then Security Hub CSPM automatically turns on this integration. You don't need to take any additional action to receive findings from Firewall Manager.

Resolution

Filter with findings

Complete the following steps:

Open the Security Hub CSPM console in the same AWS Region where the security group policy was created.
From the navigation pane, choose Findings.
In Search and add filter, choose Product name from the dropdown list.
In Edit filter, for operator, choose is. For value, enter Firewall Manager. Then, choose Apply.
Note: Search values are case sensitive.

Filter with integrations

Complete the following steps:

Open the Security Hub CSPM console in the same Region where the security group policy was created.
From the navigation pane, choose Integrations.
In the Integrations search pane, enter Firewall Manager. If you're already using Firewall Manager, the Status of this integration should be Accepting findings.
Note: Search values are case sensitive.
Choose See findings.

(Optional) Disable integration

To disable the integration of Firewall Manager findings with Security Hub CSPM, complete the following steps:

Open the Security Hub CSPM console.
From the navigation pane, choose Integrations.
In the Integrations search pane, enter Firewall Manager.
Choose Stop accepting findings.
Select I want to stop accepting findings and then, choose Stop accepting findings.

For more information, see AWS Firewall Manager integration with AWS Security Hub CSPM and Creating and updating findings in Security Hub.

Related information

How can I use Security Hub to monitor security issues for my AWS environment?

How do I set up AWS Firewall Manager for my AWS account?

Topics: Security, Identity, & Compliance
Tags: AWS Firewall Manager
Language: English

AWS OFFICIALUpdated 2 months ago

No comments

Relevant content

How Can I Satisfy KMS.1 in Security Hub Findings
rePost-User-8961486
asked 2 years ago
IAM Policies With Full Administrative Privileges and MFA questions
Orlando
asked 2 years ago
How to export AWS Security Hub findings to CSV format
ophy
asked 4 years ago
Number of Security Groups in Network Firewall Manager Policy?
Kamal Gakhar
asked a year ago
Receiving only 16 default findings from security hub
SAPHS
asked 3 years ago
Why did Security Hub initiate the finding "Lambda function policies should prohibit public access"?
AWS OFFICIALUpdated 6 months ago
How can I use Security Hub CSPM to monitor security issues for my AWS environment?
AWS OFFICIALUpdated 6 months ago
How do consolidated controls view and consolidated control findings affect my workflows?
AWS OFFICIALUpdated 6 months ago
How can I aggregate my Security Hub findings and security scores from multiple AWS Regions?
AWS OFFICIALUpdated 6 months ago
Announcing 4 new widgets on AWS Console Home - Security Hub, Ops summary, Patch compliance, and Managed instances
EXPERT
Grace Kitzmiller
published 3 years ago