diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/aws-security-hub-integrate-1.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/aws-security-hub-integrate-1.png new file mode 100644 index 0000000000..7cc1008aca Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/administration/aws-security-hub-integrate-1.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/aws-security-hub-integrate-2.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/aws-security-hub-integrate-2.png new file mode 100644 index 0000000000..13d0c5e9c4 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/administration/aws-security-hub-integrate-2.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/aws-security-hub-integrate-3.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/aws-security-hub-integrate-3.png new file mode 100644 index 0000000000..30213c3761 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/administration/aws-security-hub-integrate-3.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/aws-security-hub-integrate-4.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/aws-security-hub-integrate-4.png new file mode 100644 index 0000000000..f217daeee6 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/administration/aws-security-hub-integrate-4.png differ 
diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-aws-security-hub.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-aws-security-hub.adoc index 7e133103e0..7d6770e100 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-aws-security-hub.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-aws-security-hub.adoc 
@@ -4,13 +4,11 @@ == Integrate Prisma Cloud with AWS Security Hub Learn how to integrate Prisma® Cloud with AWS Security Hub so that you can view and monitor your security posture on AWS Security Hub. -You can use AWS Security Hub as a central console to view and monitor the security posture of your cloud assets on AWS Security Hub. - Integrate Prisma® Cloud with AWS Security Hub for centralized visibility into security and compliance risks associated with your cloud assets on the AWS Security Hub console. -As part of the integration, Prisma Cloud monitors your assets on your AWS cloud and sends alerts about resource misconfigurations, compliance violations, network security risks, and anomalous user activities directly to the AWS Security Hub console so that you have a comprehensive view of the cloud assets deployed on your AWS accounts. - +As a part of the integration, Prisma Cloud monitors your AWS cloud assets. It sends alerts about resource misconfigurations, compliance violations, network security risks, and anomalous user activities directly to the AWS Security Hub console providing a centralized and comprehensive view of the cloud assets deployed on your AWS accounts. +NOTE: Prisma Cloud integration with AWS Security Hub is not supported for US Gov Cloud regions. [.procedure] @@ -18,7 +16,7 @@ As part of the integration, Prisma Cloud monitors your assets on your AWS cloud + .. Log in to the AWS console and select IAM. -.. Select *Roles* and search for the role name which you had used for onboarding your account on Prisma Cloud. +.. Select *Roles* and search for the role name used to onboard your account on Prisma Cloud. .. Click on that role name and *Add permissions > Attach Policies*. + 
@@ -48,33 +46,33 @@ image::administration/securityhub-enabled-prisma-cloud.png[] . Set up the AWS Security Hub Integration on Prisma Cloud. + -Set up the AWS Security Hub as an integration channel on Prisma Cloud so that you can view security alerts and compliance status for all your AWS services from the AWS console. +Set up the AWS Security Hub as an integration channel on Prisma Cloud so that you can view security alerts and compliance status for all your AWS services from the AWS console. + .. Log in to Prisma Cloud. -.. Select *Settings > Integrations*. +.. Select *Settings > Integrations & Notifications*. -.. *Add Integration > AWS Security Hub*. A modal wizard opens where you can add the AWS Security Hub integration. -+ -image::administration/amazon-s3-int-1.png[] +.. *Add Integration > AWS Security Hub*. A modal wizard will open, allowing you to add the details for the AWS Security Hub integration. -.. Set the *Integration Name* to the AWS account to which you assigned AWS Security Hub read-only access. +.. Set the *Integration Name* to the AWS account to which you assigned AWS Security Hub read-only access. -.. Enter a *Description* and select a *Region*. +.. Enter an optional *Description* and select a *Region*. + -You select regions only if you enabled Prisma Cloud on AWS Security Hub for your cloud account. +Make sure to select the region where Prisma Cloud on AWS Security Hub is enabled for your cloud account, or else you will receive an error while testing the integration. + -image::administration/aws-security-hub-int-1.png[] +image::administration/aws-security-hub-integrate-1.png[] -.. *Next*. Review the *Summary* and either *edit* to make changes or *Test*. +.. Click *Next*, review the *Summary*, and then *Test Integration*. + -image::administration/aws-security-hub-int-2.png[] +image::administration/aws-security-hub-integrate-2.png[] -.. *Save* the integration. +.. *Save Integration* if the test is successful. 
++ +image::administration/aws-security-hub-integrate-3.png[] + -After you set up the integration successfully, you can use the Get Status link in *Settings > Integrations* to periodically check the integration status. +Once you successfully set up the integration, you will find it listed on the Integrations page. You can *View*, *Edit*, or *Delete* the integration from the *Actions* panel. You can also check the integration status periodically by clicking on the *Get Status* link. + -image::administration/get-status.png[] +image::administration/aws-security-hub-integrate-4.png[] @@ -82,7 +80,7 @@ image::administration/get-status.png[] + [NOTE] ==== -If you have integrated an AWS Organization account with Security Hub on Prisma Cloud, it is considered as a standalone account. This means you will only receive alerts for the master account on Security Hub, not its child accounts. If you want to receive alerts for every child account linked to that master account, you must repeat Steps 1 through 3 and then configure alert rules for each account. +If you have integrated an AWS Organization account with Security Hub on Prisma Cloud, it is considered a standalone account. This means you will only receive alerts for the master account on Security Hub, not its child accounts. To receive alerts for every child account linked to that master account, you must repeat Steps 1 through 3 and then configure alert rules for each account. ==== . View Prisma Cloud alerts on AWS Security Hub. @@ -91,7 +89,7 @@ If you have integrated an AWS Organization account with Security Hub on Prisma C .. Click *Findings* to view the alerts. -.. Select the *Title* to view details the alert description. +.. Select the *Title* to view details of the alert description. + image::administration/securityhub-findings-details.png[]
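Review bot: The four added PNGs (`aws-security-hub-integrate-1.png` through `-4.png`) replace the references to `aws-security-hub-int-1.png`, `aws-security-hub-int-2.png` and `get-status.png` in the .adoc file, but the patch does not delete those older files. Check whether any other page still references them and remove them in this change if they are now orphaned. The new `image::` macros also keep empty `[]` attribute lists, so consider adding alt text while these lines are being touched.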
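Review bot: In the `@@ -4,13 +4,11 @@` hunk, the added `NOTE: Prisma Cloud integration with AWS Security Hub is not supported for US Gov Cloud regions.` line directly follows the added `As a part of the integration, ...` paragraph, and the blank line that used to end that paragraph is removed. AsciiDoc treats `NOTE:` as an admonition only when it starts its own paragraph, so as written the limitation will be folded into the preceding paragraph and render as plain text. Add an empty line between the two added lines. In the same paragraph, `AWS Security Hub console providing a centralized ...` needs a comma before `providing`.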
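Review bot: In the `@@ -48,33 +46,33 @@` hunk, the menu path is renamed to `*Settings > Integrations & Notifications*`, but the added closing sentence says the integration is `listed on the Integrations page` and, unlike the sentence it replaces, no longer says where the *Get Status* link is. Use the new menu name there as well, so the two steps agree. The added region sentence (`or else you will receive an error while testing the integration`) would be more useful if it told the reader to go back and correct the *Region* when *Test Integration* fails. The changes to `Set up the AWS Security Hub as an integration channel ...` and `Set the *Integration Name* ...` appear to be whitespace-only and could be dropped from the patch.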
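Review bot: In the `@@ -82,7 +80,7 @@` hunk, the reworded NOTE still uses `master account` and `child accounts`; AWS Organizations now calls these the management account and member accounts, and since this sentence is being edited anyway it is a good moment to align the terms. The NOTE also hard-codes `repeat Steps 1 through 3` while the procedure uses auto-numbered `.` list items, so the reference will silently go stale if a step is added or removed; naming the steps by their titles would be more robust. Because this NOTE describes a coverage gap (no alerts for the other accounts in the organization), it is worth confirming it renders where a reader setting up an Organization account will see it before saving the integration.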
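Review bot: In the `@@ -91,7 +89,7 @@` hunk, the corrected line `Select the *Title* to view details of the alert description.` is now grammatical but still reads awkwardly, since the description is itself one of the details. Suggest `Select the *Title* to view the alert details.` or `... to view the alert description.`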