AWS Security Hub Monitoring

Updated Aug 31, 2023

Configure AWS Security Hub monitoring

Amazon Web Services® (AWS) Security Hub provides a unified and comprehensive view of your security state in AWS, and helps you check your environment against security industry standards and best practices. AWS Security Hub collects security data from all of your AWS accounts, services, and supported third-party partner products to help you analyze your security trends and identify the highest priority security issues. See Amazon's AWS Security Hub user guide for more information. AWS Security Hub is an optional Arctic Wolf integration.

Before you begin

To complete this process, you must:

Configure AWS Security Hub

  1. Sign in to the AWS Management Console.
  2. Click Services > CloudFormation.
  3. Click Create Stack > With new resources (standard).
  4. On the Create stack page, click Template is ready and then click Upload a template file.
  5. Under Upload a template file, choose the template that you downloaded in Before you begin. Then, click Next.
  6. In the field under Stack name, enter a unique name such as AWNSecurityHub.
  7. Click Next > Next.
  8. Read the information about changes caused by configuring the stack, and then select the Capabilities checkbox to acknowledge the changes.
  9. Click Create Stack to complete the setup.

Update Arctic Wolf GuardDuty logging

Configuring AWS Security Hub automatically enables GuardDuty findings. To prevent duplicating logs, disable Arctic Wolf GuardDuty logging:

  1. Sign in to the AWS Management Console.
  2. Click Services > GuardDuty.
  3. Click Settings, and then navigate to Findings export options on the page.
  4. Click the X beside the Arctic Wolf Logs bucket name to remove the bucket as a GuardDuty Finding Publishing Destination.
  5. Click Delete when prompted.
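
To confirm the export destination is gone after step 5, the following added example (not part of the Arctic Wolf documentation) lists any GuardDuty publishing destinations that still point at a given bucket. It assumes boto3, configured AWS credentials, the standard `aws` partition, and a bucket name passed on the command line; the helper function names are hypothetical.

```python
"""Added example: list GuardDuty findings-export destinations still configured."""


def _pages(call, key, **kwargs):
    """Yield items from a NextToken-paginated GuardDuty list call."""
    token = None
    while True:
        if token:
            kwargs["NextToken"] = token
        resp = call(**kwargs)
        yield from resp.get(key, [])
        token = resp.get("NextToken")
        if not token:
            return


def remaining_export_destinations(guardduty):
    """Return [(detector_id, destination_arn, status)] for one region's client."""
    found = []
    for detector_id in _pages(guardduty.list_detectors, "DetectorIds"):
        for dest in _pages(guardduty.list_publishing_destinations,
                           "Destinations", DetectorId=detector_id):
            detail = guardduty.describe_publishing_destination(
                DetectorId=detector_id, DestinationId=dest["DestinationId"])
            arn = detail.get("DestinationProperties", {}).get("DestinationArn", "")
            found.append((detector_id, arn, dest.get("Status", "")))
    return found


def still_exporting_to(guardduty, bucket_name):
    """Keep only destinations whose S3 ARN names the given bucket."""
    # Assumption: standard "aws" partition; the ARN may carry a key prefix.
    base = f"arn:aws:s3:::{bucket_name}"
    return [d for d in remaining_export_destinations(guardduty)
            if d[1] == base or d[1].startswith(base + "/")]


if __name__ == "__main__":
    import sys
    import boto3  # assumes AWS credentials and a default region are configured

    # GuardDuty is regional: run once per region where it is enabled.
    bucket = sys.argv[1]  # bucket name as shown under Findings export options
    leftovers = still_exporting_to(boto3.client("guardduty"), bucket)
    for detector_id, arn, status in leftovers:
        print(f"{detector_id}\t{arn}\t{status}")
    sys.exit(1 if leftovers else 0)
```

An exit status of 0 with no output means no detector in that region still exports findings to the bucket.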

Next steps

Notify your Concierge Security® Team (CST) that you have enabled the AWS Security Hub integration.