Onboarding Guide
This AWS onboarding guide walks you through the prerequisites, Security Incident Response onboarding, and the Security Incident Response containment actions used to perform threat containment during onboarding.
Important
Prerequisites
The only deployment prerequisite is enabling AWS Organizations.
While not required, we recommend enabling Amazon GuardDuty and AWS Security Hub CSPM across all accounts and active regions to maximize Security Incident Response benefits.
Security Hub CSPM will ingest findings from 3rd party endpoint detection and response (EDR) vendors (CrowdStrike, FortinetCNAPP (Lacework) and Trend Micro, among others). If these findings are ingested into Security Hub CSPM, they will also be auto-triaged by Security Incident Response for proactive case creation. To set up 3rd party EDR with Security Hub CSPM, follow our Detection and Analysis service documentation.
To set up 3rd party EDR with Security Hub CSPM:
- Navigate to the Security Hub CSPM Integrations page to validate that the 3rd party integration exists.
- From the console, navigate to the Security Hub CSPM service page.
- Choose Integrations (using Wiz.IO as an example):
- Search for the vendor you would like to integrate.
Note
You’ll be asked for account or subscription information. After you provide it, setup is complete and Security Incident Response is ingesting 3rd party findings. Pricing for the ingestion of 3rd party findings can be found on the Integrations page of Security Hub CSPM.
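The prerequisite and recommendations above can also be confirmed from the command line. The following is an added example, not part of the AWS documentation: it runs read-only AWS CLI checks against one account, invoked as `bash check.sh VENDOR REGION...`. The script name, the function names, and matching the vendor string against product subscription ARNs are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: read-only prerequisite check for one account.
# Assumes AWS CLI v2 is installed and credentials are configured.

# Required: the account belongs to an AWS Organizations organization.
org_enabled() {
  aws organizations describe-organization \
    --query 'Organization.Id' --output text >/dev/null 2>&1
}

# Recommended: GuardDuty has a detector in region $1.
guardduty_enabled() {
  local ids
  ids=$(aws guardduty list-detectors --region "$1" \
    --query 'DetectorIds' --output text 2>/dev/null) || return 1
  [ -n "$ids" ] && [ "$ids" != "None" ]
}

# Recommended: Security Hub CSPM is enabled in region $1.
securityhub_enabled() {
  aws securityhub describe-hub --region "$1" >/dev/null 2>&1
}

# Optional: an enabled product subscription ARN in region $1 contains $2.
# Matching on the vendor string inside the ARN is an assumption of this example.
integration_enabled() {
  aws securityhub list-enabled-products-for-import --region "$1" \
    --query 'ProductSubscriptions' --output text 2>/dev/null |
    tr '\t' '\n' | grep -qi -- "$2"
}

# Usage: report VENDOR REGION...  Returns non-zero only if Organizations is missing.
report() {
  local vendor="$1" rc=0 region
  shift
  if org_enabled; then echo "PASS organizations"
  else echo "FAIL organizations (required)"; rc=1; fi
  for region in "$@"; do
    if guardduty_enabled "$region"; then echo "PASS guardduty $region"
    else echo "WARN guardduty $region (recommended)"; fi
    if ! securityhub_enabled "$region"; then
      echo "WARN securityhub $region (recommended)"
    elif integration_enabled "$region" "$vendor"; then
      echo "PASS securityhub $region, integration $vendor"
    else echo "WARN securityhub $region enabled, no $vendor integration"; fi
  done
  return "$rc"
}

if [ "$#" -ge 2 ]; then report "$@"; fi
```

Run it in each member account and list every active region, since GuardDuty and Security Hub CSPM are enabled per region.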