AWS Security Hub Monitoring

Updated Apr 18, 2024

Configure AWS Security Hub for Arctic Wolf monitoring

You can configure Amazon Web Services (AWS)® Security Hub to collect security data from all of your AWS accounts and services to help you analyze your security trends and identify the highest priority security issues.

See the AWS Security Hub user guide for more information.

Requirements

Before you begin

Steps

  1. Configure AWS Security Hub.
  2. Disable Arctic Wolf GuardDuty logging.

Step 1: Configure AWS Security Hub

  1. Sign in to the AWS Management Console.
  2. Click Services > CloudFormation.
  3. Click Create Stack > With new resources (standard).
  4. On the Create stack page, click Template is ready, and then click Upload a template file.
  5. In the Upload a template file section, select the template that you downloaded and extracted in Before you begin.
  6. Click Next.
  7. In the Stack name field, enter a unique name, for example, AWNSecurityHub.
  8. Click Next > Next.
  9. Read the information about changes caused by configuring the stack, and then select the Capabilities checkbox to acknowledge the changes.
  10. Click Create Stack.

Step 2: Disable Arctic Wolf GuardDuty logging

Configuring AWS Security Hub automatically enables Amazon GuardDuty findings. Disable Arctic Wolf Amazon GuardDuty logging to prevent duplicate logs.

  1. Sign in to the AWS Management Console.
  2. Click Services > GuardDuty.
  3. Click Settings, and then find the Findings export options section.
  4. Click X beside the Arctic Wolf logs bucket name.
  5. Click Delete when prompted.
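
To confirm both steps from the command line, the following read-only checks are an added example, not part of the Arctic Wolf procedure or tooling. They verify that the stack finished creating and that no GuardDuty findings export still points at the Arctic Wolf logs bucket. Assumptions: the AWS CLI is configured with credentials for the account, the stack name is the one entered in Step 1, the bucket substring is a placeholder you take from the Findings export options section, and only the CLI's current region is checked (GuardDuty is regional).

```bash
# Added example: read-only post-checks for Step 1 and Step 2.
# The function names and the bucket-substring argument are hypothetical.

# Step 1 check: succeeds only if the named stack reached CREATE_COMPLETE.
# Returns 2 if the stack cannot be described (wrong name, region, or credentials).
stack_ready() {
  local status
  status=$(aws cloudformation describe-stacks --stack-name "$1" \
    --query 'Stacks[0].StackStatus' --output text 2>/dev/null) || return 2
  [ "$status" = "CREATE_COMPLETE" ]
}

# Step 2 check: prints "detector destination arn" for every GuardDuty findings
# export in the current region whose destination ARN contains the substring $1.
# Returns 0 when none remain (no duplicate logging), 1 when at least one is left.
leftover_exports() {
  local match det dest arn found
  match=$1
  found=0
  for det in $(aws guardduty list-detectors \
      --query 'DetectorIds[]' --output text); do
    for dest in $(aws guardduty list-publishing-destinations \
        --detector-id "$det" \
        --query 'Destinations[].DestinationId' --output text); do
      # The CLI prints "None" for a null result in text output; skip it.
      [ "$dest" = "None" ] && continue
      arn=$(aws guardduty describe-publishing-destination \
        --detector-id "$det" --destination-id "$dest" \
        --query 'DestinationProperties.DestinationArn' --output text)
      case "$arn" in
        *"$match"*) echo "$det $dest $arn"; found=1 ;;
      esac
    done
  done
  [ "$found" -eq 0 ]
}

# Usage (makes live, read-only API calls):
#   stack_ready AWNSecurityHub && echo "stack created"
#   leftover_exports "<arctic-wolf-logs-bucket-name>" || echo "export still configured"
```

Repeat the second check in each region where GuardDuty was exporting findings to the Arctic Wolf bucket.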

Next steps