A configuration package to enable AWS Security Hub in an AWS account including service prerequisites and notification. AWS Security Hub turns on CIS AWS Foundations Compliance Standards by default.

Configuration to enable AWS Security Hub in an AWS Account, with option to configure security standards such as CIS Foundation Benchmarks.

This template creates an AWS Security Hub automation rule with the specified criteria and actions. The automation rule is used to automatically respond to security findings based on the defined criteria. The example includes all available fields for criteria and actions.

This template creates an AWS Security Hub resource. It enables the default standards and turns on consolidated control findings.

This template creates an AWS Security Hub resource with the specified tags. It disables the default standards and turns off consolidated control findings.

This template creates an AWS SecurityHub Standard resource and enables the AWS Foundational Security Best Practices (FSBP) standard with all controls enabled. The `StandardsArn` property is set to the ARN of the FSBP standard. The template also includes an output `StandardsSubscriptionArn` that references the created Standard resource.

This template creates an AWS SecurityHub Standard resource and enables the FSBP standard. The `StandardsArn` property is set to the ARN of the FSBP standard. The template also includes a `DisabledStandardsControls` property that specifies the controls to be disabled in the standard. The controls are specified using their ARNs and a reason for disabling them. The template also includes an output `StandardsSubscriptionArn` that references the created Standard resource.

A CloudWatch Event Rule that triggers on AWS Security Hub findings. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

A config rule that checks that AWS Security Hub is enabled for an AWS account. The rule is NON_COMPLIANT if Security Hub is not enabled.

This SCP prevents users or roles in any affected account from disabling AWS Security Hub, deleting member accounts or disassociating an account from a master Security Hub account.