Questions tagged with AWS Security Hub
As above topic?
For normal web application testing we are only given a URL and normal web user account.
What other things can we exploit from a cloud based url?
For example?
Misconfigured S3 Bucket
I...
2 answers, 0 votes, 359 views, asked 2 years ago
Hi,
I've put in an S3 bucket policy that I thought should cover the issue...
2 answers, 0 votes, 503 views, asked 2 years ago
Hi,
We have the following queries. Can you please suggest on these also?
1. Can we use AWS Marketplace: Antivirus for Amazon S3 - PAYG with 30 DAY FREE TRIAL for ours
2. Do we have the provision to do...
2 answers, 0 votes, 291 views, asked 2 years ago
Hello,
I am working on improving security compliance in my project and recently I've come across a security finding related to a network ACL:
`[EC2.21] Network ACLs should not allow ingress from...
2 answers, 0 votes, 420 views, asked 2 years ago
Someone pointed Nessus at my EC2 machine and performed a 12-minute vulnerability scan - Their IP traces back to AWS - There are more than 200 entries across all logs in /var/log/httpd. I believe my...
2 answers, 0 votes, 278 views, asked 2 years ago
Security Groups
Hi All, I am doing a basic hands-on regarding an EC2 instance. I created an inbound security group for HTTPS on port 443 to be allowed from anywhere.
My EC2 instance has a web server running...
2 answers, 1 vote, 1720 views, asked 2 years ago
How to get regional endpoints in a real scenario?
I tried:
return g_boto3_session.client(service,
region_name=region,
...
1 answer, 0 votes, 519 views, asked 2 years ago
I am having an issue with having 1000s of findings in Security Hub which say "Compliance Status: Passed".
Usually they close after some period of time, but we generate daily reports and need to list the...
2 answers, 0 votes, 3174 views, asked 2 years ago
In the "results" view page of the Standards Controls (AWS, CIS), the statistics ribbon displays a number of data, including "Enabled", "Failed", "Disabled in this account" and "Disabled in all...
1 answer, 0 votes, 575 views, asked 2 years ago
Hi everyone, I need help urgently!! My account was hacked on March 20th and billing is around 24k USD. I raised the case on March 24th when I noticed the problem, but the case in AWS Support has not...
2 answers, 0 votes, 864 views, asked 2 years ago
Hi, I'm enabling server access logging on all S3 buckets, as per SecurityHub recommendations. But now it also wants access logging on the access logging buckets and it warns (very good) that source...
3 answers, 3 votes, 1661 views, asked 2 years ago
(resolved) Why do SecurityHub detection results show both PASSED and FAILED for the same resource?
The SecurityHub detection results have the following titles:
`4.3 Ensure the default security group of every VPC restricts all traffic`
In response, we have removed the default security group...
Accepted Answer
AWS Security Hub
2 answers, 0 votes, 1517 views, asked 2 years ago