ThreatMapper Integrates with AWS Security Hub for Improved Security Observability
November 29, 2022
We're excited to announce a new integration with AWS Security Hub at the 2022 AWS re:Invent conference.
Deepfence ThreatMapper is a rapidly growing and widely adopted open-source Cloud Native Application Protection Platform (CNAPP) that provides enhanced security observability. ThreatMapper takes vulnerability, malware, sensitive secret, and configuration findings and exposes and prioritizes them within AWS Security Hub. It eliminates 97% of the noise of traditional scanning services and focuses on which risks are most attackable within your AWS environment.
The AWS Security Hub posture management service helps users aggregate alerts, enable auto-remediation, and perform orchestration workflows. It can provide a single-pane-of-glass view within the AWS platform by consolidating multiple security findings into a single hub. Deepfence scanners work across the build, deployment and runtime lifecycle of applications and infrastructure to identify vulnerabilities, secrets, malware and compliance misconfigurations, which helps derive additional insights into the findings within the Security Hub. This new integration aggregates security risks into a single place and format.
1) First, we will install ThreatMapper using the available instructions. Once the installation is complete, we can add the AWS Security Hub in a few simple steps.
2) Add an AWS Cloud Account by following the steps here. Note that this automatically identifies the various services enabled for the account, including the AWS Security Hub.
3) Navigate to the SIEM tab under the “Integrations” section. The AWS Security Hub is displayed as a separate option which can now be configured appropriately.
4) Add the AWS credentials for the account where Security Hub is enabled and the appropriate region. Once that is done, we can choose the appropriate set of results that will be sent to the Security Hub.
5) Now we can run some vulnerability scans using the instructions available here. Once you run a vulnerability scan, you can see the results on the Security Hub page.
Click on a Finding Title to see the detailed result.
You can follow similar steps to add other security findings into the AWS Security Hub. In the upcoming days, we will add additional controls and insights, and also role-based access into the Security Hub. If you are interested in taking a deeper look at the technical integration, our repository is here, and we welcome contributions of all forms, including documentation, feature requests, technical bugs, or source code patches.