An open API service indexing awesome lists of open source software.

https://github.com/attackiq/attackiq.github.io

AttackIQ Github Domain
https://github.com/attackiq/attackiq.github.io

Last synced: 4 months ago
JSON representation

AttackIQ Github Domain

Awesome Lists containing this project

README

          

# AttackIQ Platform

![](./images/aws_security_hub.jpg)

Don't have AttackIQ? [Learn more](https://go.attackiq.com/BD-AWS-Security-Hub_LP.html)

## Overview

The AttackIQ Platform provides the capability to send notifications for scheduled assessment results to AWS Security Hub. With this facility, you can set a minimum prevention rate for a scheduled assessment. When the prevention percentage falls below this threshold, the AttackIQ Platform will send a notification to your Security Hub Console conveying the assessment results.

This guide will show you how to configure the AWS Security Notification facility for your scheduled assessments.

## Configuration

To configure AWS Security Hub notifications, follow this procedure:


  1. Open your AttackIQ Platform UI then click on the assessment you want to schedule.

![](./images/aiq_aws_sec_assessments.png)


  1. Click on the Scheduled menu item, then schedule your assessment. The details of how this is done will not be covered in this guide.

  2. Click on the Notification menu item.

  3. Click on the Global Config button.

![](./images/aiq_aws_sec_config_start.png)


  1. Click on the AWS Configure button.

![](./images/aiq_aws_sec_global_config.png)


  1. Enter your AWS Account ID

  2. Enter your AWS Region

  3. Click on the TEST CONNECTION button to send a test notification.

  4. Click on the Update button to save the notification configuration fo your scheduled assessment.

![](./images/aiq_aws_sec_credentials.png)


  1. Click on the AWS STATUS switch to enable AWS notifications.

![](./images/aiq_aws_sec_global_enable.png)


  1. Click on the AWS toggle switch to enable notifications for your assessment.

![](./images/aiq_aws_sec_local_enable.png)


  1. Click on the SET THRESHOLD button.

  2. Set the desired threshold with the slider control.

  3. Click on Save button.

![](./images/aiq_aws_sec_local_config.png)

## AWS Security Hub Console

To see your Security Hub notifications:

1. Open your **AWS Management Console**
1. Click on **Security Hub** in the **Security, Identity, & Compliance** section.
1. Click on **Findings** in the menu on the left.
1. Click on the empty part of the search box.
1. Select **Severity label** from the menu.
1. Enter **CRITICAL**.
1. Click on **Apply**.

You should get findings that look like the following.

![](./images/aiq_aws_sec_hub_console.png)

In this example, both a test notification and a scheduled assessment notification are shown.