AWS CloudFormation templates
Services used include Amazon Simple Notification Service, AWS Key Management Service, AWS Identity and Access Management, AWS Lambda, AWS Step Functions, Amazon CloudWatch Logs, Amazon S3, and AWS Systems Manager.
Admin account support
The following templates are installed in the AWS Security Hub admin account to turn on the security standards that you want to support. You can choose which of the following templates to install when installing the automated-security-response-admin.template
.
automated-security-response-orchestrator-log.template - Creates a CloudWatch logs group for the Orchestrator Step Function.
AFSBPStack.template - AWS Foundational Security Best Practices v1.0.0 rules.
CIS120Stack.template - CIS Amazon Web Services Foundations benchmarks, v1.2.0 rules.
CIS140Stack.template - CIS Amazon Web Services Foundations benchmarks, v1.4.0 rules.
CIS300Stack.template - CIS Amazon Web Services Foundations benchmarks, v3.0.0 rules.
PCI321Stack.template - PCI-DSS v3.2.1 rules.
NISTStack.template - National Institute of Standards and Technology (NIST), v5.0.0 rules.
SCStack.template - Security Controls v2.0.0 rules.
Member roles
Member accounts
The automated-security-response-member.template
installs the following templates based on your selections:
automated-security-response-remediation-runbooks.template - Common remediation code used by one or more of the security standards.
AFSBPMemberStack.template - AWS Foundational Security Best Practices v1.0.0 settings, permissions, and remediation runbooks.
CIS120MemberStack.template - CIS Amazon Web Services Foundations benchmarks, version 1.2.0 settings, permissions, and remediation runbooks.
CIS140MemberStack.template - CIS Amazon Web Services Foundations benchmarks, version 1.4.0 settings, permissions, and remediation runbooks.
CIS300MemberStack.template - CIS Amazon Web Services Foundations benchmarks, version 3.0.0 settings, permissions, and remediation runbooks.
PCI321MemberStack.template - PCI-DSS v3.2.1 settings, permissions, and remediation runbooks.
NISTMemberStack.template - National Institute of Standards and Technology (NIST), v5.0.0 settings, permissions, and remediation runbooks.
SCMemberStack.template - Security Control settings, permissions, and remediation runbooks.
automated-security-response-member-cloudtrail.template - Used in the Action Log feature to track and audit and service activity.
Ticket system integration
Use one of the following templates to integrate with your ticketing system.
If you want to integrate a different external ticketing system, you can use either of these stacks as blueprint to understand how to implement your own custom integration.