AWS Security Blog

Tag: SIEM

Sample solution architecture diagram

How to generate security findings to help your security team with incident response simulations

April 8, 2024: We have updated the post to revise the CloudFormation launch stack link to provision the CloudFormation template. Continually reviewing your organization’s incident response capabilities can be challenging without a mechanism to create security findings with actual Amazon Web Services (AWS) resources within your AWS estate. As prescribed within the AWS Security Incident […]

Figure 9: Security Hub findings flow

Three recurring Security Hub usage patterns and how to deploy them

As Amazon Web Services (AWS) Security Solutions Architects, we get to talk to customers of all sizes and industries about how they want to improve their security posture and get visibility into their AWS resources. This blog post identifies the top three most commonly used Security Hub usage patterns and describes how you can use […]

Figure 1: SIEM implementation on Amazon OpenSearch Service

How to use AWS Security Hub and Amazon OpenSearch Service for SIEM

April 25, 2023: We’ve updated this blog post to include more security learning resources. AWS Security Hub provides you with a consolidated view of your security posture in Amazon Web Services (AWS) and helps you check your environment against security standards and current AWS security recommendations. Although Security Hub has some similarities to security information […]

Visualizing Amazon GuardDuty findings

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help protect your AWS accounts and workloads. Enable GuardDuty and it begins monitoring for: Anomalous API activity Potentially unauthorized deployments and compromised instances […]