Onboarding Guide - AWS Security Incident Response User Guide

Onboarding Guide

This onboarding guide walks you through the prerequisites, Security Incident Response onboarding, and the CIRT containment actions you can perform during onboarding.

Important

Prerequisites

  1. The only deployment prerequisite is enabling AWS Organizations.

  2. While not required, we recommend enabling Amazon GuardDuty and AWS Security Hub CSPM across all accounts and active regions to maximize Security Incident Response benefits.

  3. Review GuardDuty and Security Incident Response

  4. Review GuardDuty best practices guide
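
A readiness check for the prerequisites above, added here as an example and not part of the AWS documentation: it reports every account and active region where GuardDuty or Security Hub CSPM is still off, and flags the hard requirement if AWS Organizations is not enabled. The status dictionary layout, the function names, and the sample account IDs are assumptions of this example; the `collect_region_status` helper shows how one account/region entry would be gathered with boto3.

```python
"""Readiness check for the onboarding prerequisites: AWS Organizations enabled,
and GuardDuty plus Security Hub CSPM enabled in every account and active region.
Added example, not AWS documentation code; the status layout and function names
are assumptions of this example."""

# Constructed sample: what a collector would gather from two accounts across
# two active regions. True = enabled, False = not enabled.
SAMPLE_STATUS = {
    "organizations_enabled": True,
    "accounts": {
        "111111111111": {
            "us-east-1": {"guardduty": True, "securityhub": True},
            "eu-west-1": {"guardduty": True, "securityhub": False},
        },
        "222222222222": {
            "us-east-1": {"guardduty": False, "securityhub": True},
            "eu-west-1": {"guardduty": True, "securityhub": True},
        },
    },
}


def find_gaps(status):
    """Return missing prerequisites as (account, region, service) tuples,
    sorted by account and region; ("*", "*", "organizations") flags the
    one hard requirement, the rest are the recommended coverage gaps."""
    gaps = []
    if not status.get("organizations_enabled"):
        gaps.append(("*", "*", "organizations"))
    for account, regions in sorted(status.get("accounts", {}).items()):
        for region, services in sorted(regions.items()):
            for service in ("guardduty", "securityhub"):
                if not services.get(service, False):
                    gaps.append((account, region, service))
    return gaps


def collect_region_status(session, region):
    """Gather one account/region entry with boto3 (assumed installed and
    credentialed; not exercised offline). GuardDuty returns an empty
    DetectorIds list when off; Security Hub raises InvalidAccessException."""
    gd = session.client("guardduty", region_name=region)
    sh = session.client("securityhub", region_name=region)
    guardduty_on = bool(gd.list_detectors().get("DetectorIds"))
    try:
        sh.describe_hub()
        securityhub_on = True
    except sh.exceptions.InvalidAccessException:
        securityhub_on = False
    return {"guardduty": guardduty_on, "securityhub": securityhub_on}


if __name__ == "__main__":
    for account, region, service in find_gaps(SAMPLE_STATUS):
        print(f"{account} {region}: {service} not enabled")
```

Run the collector once per member account and active region (for example by iterating a `boto3.Session` per assumed role) to build the real status dictionary, then feed it to `find_gaps`.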

Security Hub CSPM will ingest findings from third-party endpoint detection and response (EDR) vendors (CrowdStrike, Fortinet CNAPP (Lacework), and Trend Micro). If these findings are ingested into Security Hub CSPM, Security Incident Response will auto-triage them for proactive case creation as well. To set up third-party EDR with Security Hub CSPM, follow the steps in our Detection and Analysis service documentation.

Note

The specific steps may vary depending on the AWS service and the actions you're trying to perform.