Log in to the Web UI Locate the Lambda.1 finding Initiate the remediation Confirm that the remediation resolved the finding

Remediate using the Web UI

Alternatively, you can use the solution’s Web UI to remediate AWS Security Hub findings and view past remediations.

Note

You must set the ShouldDeployWebUI parameter to "yes" when deploying the Admin stack in order to use the solution’s Web UI.

After deploying the solution, you will receive an email with temporary credentials and a link to the solution’s Web UI from no-reply@verificationemail.com. This will be sent to the email address you provided when deploying the Admin stack.

Locate the email, copy the temporary credentials, and click the Web UI link. This link will take you directly to the sign-in page, where you will enter your temporary credentials and set a new password.

Locate the Lambda.1 finding

Once you log in, you will be presented with the Findings page. This page displays all Security Hub findings in your Security Hub administrator account that are supported for remediation, including findings for member accounts onboarded with AWS Security Hub.

On the Findings page, use the search bar to filter on Resource ID by entering the ARN of the Lambda function you created as part of this tutorial and performing a search using the "=" operator. This will display all AWS Security Hub findings supported by the solution for the Lambda function you created.

In order to find the Lambda.1 finding generated in this tutorial, apply another filter on Finding Type. Click the search bar, select Finding Type, and select the "=" operator. If consolidated control findings is enabled in your environment, enter security-control/Lambda.1. Otherwise, choose a security standard that supports the Lambda.1 control and enter the Generator ID; for example aws-foundational-security-best-practices/v/1.0.0/Lambda.1.

After applying the Resource ID and Finding Type filters, you will see only the Lambda.1 finding generated by AWS Security Hub for your test resource listed in the table.

Note

It may take some time for AWS Security Hub to generate the Lambda.1 finding for the resource you created. If you do not see the finding after applying both filters, wait 5-10 minutes and search for the finding again.

Initiate the remediation

Select the finding you located in the previous step, then click Actions > Remediate. This will begin a remediation for the finding you selected.

You can view the progress of this remediation on the Execution History page. After waiting a few minutes, refresh the Execution History page by clicking the refresh icon on the top right, and you should see that the Status has changed from In progress to Success.

Confirm that the remediation resolved the finding

When the finding is marked as Resolved by AWS Security Hub, it will automatically be removed from the Findings page in the Web UI.

To verify that the remediation resolved the finding, navigate to the Lambda console in the member account and confirm that the public access has been revoked.

Note

Some findings may still appear on the Findings page even with a Remediation Status of Success. This is because AWS Security Hub takes up to 24 hours to mark a finding as resolved after the resource has been updated. You can suppress findings you no longer want to see on the Findings page by selecting the finding and clicking Actions > Suppress.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Remediate example findings

Trace the execution of the remediation