Integrating AWS Systems Manager with Security Hub to detect issues, create an incident, and remediate automatically
The AWS Security Incident Response Guide recommends security response automation, which increases both the scale and effectiveness of your security operations. With automation, we can detect an incident and alert the response team, and we can also remediate the incident with a runbook, which is an automation script written for that specific case. In this section, we will create a solution that helps us detect security incidents and loopholes and alert the security operations team.
We will configure AWS Systems Manager OpsCenter to aggregate all the security findings from AWS Security Hub as issues (OpsItems). At the same time, we will configure an EventBridge rule that checks for the event on each newly created finding in Security Hub and, when that rule matches, triggers the AWS incident response plan to create an incident...
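
One event pattern the EventBridge rule described above could use, together with an offline matcher that checks it against constructed sample events. This is an added example, not code from the original text; the severity, workflow and record-state filters are assumptions, and the matcher covers only exact-value matching, a subset of EventBridge's pattern language.

```python
import json

# Event pattern for the EventBridge rule. Field names follow the Security Hub
# "Findings - Imported" event; the three filters under "findings" are
# assumptions chosen so that only new, active, high-impact findings match.
FINDING_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {
        "findings": {
            "Severity": {"Label": ["HIGH", "CRITICAL"]},
            "Workflow": {"Status": ["NEW"]},   # skip findings already triaged
            "RecordState": ["ACTIVE"],         # skip archived findings
        }
    },
}


def matches(pattern, value):
    """Simplified subset of EventBridge matching: exact values only."""
    if isinstance(value, list):          # event array: any element may match
        return any(matches(pattern, v) for v in value)
    if isinstance(pattern, dict):        # nested pattern: every key must match
        return isinstance(value, dict) and all(
            k in value and matches(p, value[k]) for k, p in pattern.items()
        )
    return value in pattern              # leaf: list of accepted values


def sample_event(severity, workflow="NEW", state="ACTIVE"):
    """Constructed event carrying only the fields the pattern inspects."""
    return {
        "source": "aws.securityhub",
        "detail-type": "Security Hub Findings - Imported",
        "detail": {"findings": [{
            "Severity": {"Label": severity},
            "Workflow": {"Status": workflow},
            "RecordState": state,
        }]},
    }


if __name__ == "__main__":
    print(json.dumps(FINDING_PATTERN, indent=2))  # JSON for the rule's pattern
    for ev in (sample_event("CRITICAL"), sample_event("LOW"),
               sample_event("HIGH", workflow="RESOLVED")):
        print(matches(FINDING_PATTERN, ev))
```

Security Hub emits the same event type when a finding is updated, so without the `Workflow.Status` filter a rule like this would also fire on findings the team has already handled.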