Check Point CloudGuard Network Security integration with AWS Security Hub for R80.20 (deprecated)
Solution

This solution is deprecated.
For Security Hub integration with R80.30 and above, refer to the "AWS Security Hub" section of the Cloud Management Extension (CME) Admin Guide.



Overview

AWS Security Hub is an AWS security service that provides you with a comprehensive view of your security state within AWS. Security Hub aggregates security findings generated by several other AWS security services and supported security findings providers, such as Check Point CloudGuard Network Security for AWS, and helps you analyze your security trends and identify the highest priority security issues across your AWS environment. Read more about AWS Security Hub here.

Check Point CloudGuard Network Security for AWS extends comprehensive enterprise-grade security, including zero-day threat protection, deep packet HTTPS inspection, intrusion prevention system (IPS), and complete application and identity awareness, to the AWS Cloud. It protects assets in the cloud from attacks while enabling secure connectivity, and lets you enforce consistent security policies across your entire organization.

CloudGuard integration with AWS Security Hub automatically provides AWS Security Hub with findings generated by the CloudGuard Network Security gateways protecting your AWS environment, allowing you to view and analyze them within AWS.

 

Prerequisites

  1. AWS Security Hub is enabled in the AWS account.
  2. Your AWS resources are protected by Check Point CloudGuard Network Security gateway(s).
  3. The security gateways are managed with Check Point Security Management Server R80.20 deployed in AWS.

Note: to view detailed information regarding the AWS resources reported by the CloudGuard Network Security gateways in Security Hub Findings, use CloudGuard Controller AWS objects in your Security Policy.

 

Configuration

In your AWS account, subscribe to Check Point CloudGuard as an AWS Security Hub provider and grant the Security Management Server permissions to import Findings to Security Hub:

  1. Subscribe to Check Point CloudGuard in AWS Security Hub:
    1. Open the AWS Security Hub console.
    2. Click Settings.
    3. Select the Providers tab.
    4. Subscribe to "Check Point: CloudGuard IaaS".
  2. In the IAM policy of the IAM role attached to the Security Management Server, add a statement to allow action securityhub:BatchImportFindings to any resource.
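The statement from step 2 can be checked for least privilege before it is attached to the role. The following is an added example, not Check Point or AWS code: it parses an IAM policy document and reports whether `securityhub:BatchImportFindings` is allowed and whether a wildcard grants more than that one action. The function names and the sample policies are constructed for illustration.

```python
import fnmatch
import json

REQUIRED = "securityhub:BatchImportFindings"  # the action named in step 2

def _as_list(value):
    """IAM accepts a single string or a list for Action."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_policy(policy_json):
    """Return (grants_required, broader_patterns) for one IAM policy document.

    Simplifications (assumptions of this sketch): Resource, Condition and
    NotAction are ignored, and any matching Deny is treated as blocking.
    """
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    allowed = denied = False
    broader = set()
    for st in statements:
        for pattern in _as_list(st.get("Action")):
            # IAM action names are case-insensitive; * and ? are wildcards.
            if not fnmatch.fnmatchcase(REQUIRED.lower(), pattern.lower()):
                continue
            if st.get("Effect") == "Deny":
                denied = True
            elif st.get("Effect") == "Allow":
                allowed = True
                if pattern.lower() != REQUIRED.lower():
                    broader.add(pattern)  # wildcard grants more than needed
    return allowed and not denied, sorted(broader)

# Constructed sample policies (not taken from any real account).
MINIMAL = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": REQUIRED, "Resource": "*"}]})
BROAD = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["securityhub:*", "ec2:Describe*"],
    "Resource": "*"}})
MISSING = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("minimal", MINIMAL), ("broad", BROAD), ("missing", MISSING)):
        print(name, audit_policy(doc))
```

A non-empty second element means the role can do more in Security Hub than import findings, which the integration as described here does not require.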

Configure the Security Management Server to send Findings to AWS Security Hub:

  1. Connect to the Security Management Server over SSH.
  2. Log in to Expert mode.
  3. Download the latest CloudGuard Security Hub package from https://s3.amazonaws.com/chkp-securityhub/chkp-securityhub.tgz
  4. Acquire the lock over the Gaia configuration database:

    clish -c 'lock database override'

  5. Import the downloaded package:

    clish -c 'installer import local <File-Path>/<Package_File_Name>.tgz'

    Replace <File-Path> with the full path of the package downloaded in step 3.

  6. Show the imported packages and verify that the downloaded package is imported:

    clish -c 'show installer packages imported'

  7. Verify that this downloaded package can be installed without conflicts:

    clish -c 'installer verify <File-Path>/<Package_File_Name>.tgz'

    Replace <File-Path> with the full path of the package downloaded in step 3.

  8. Install the package:

    clish -c 'installer install <File-Path>/<Package_File_Name>.tgz'

    Replace <File-Path> with the full path of the package downloaded in step 3.

  9. Provide your AWS account ID and region:

    $RTDIR/scripts/securityhub-config.py <ACCOUNT-ID> <REGION>

    Replace <ACCOUNT-ID> with your AWS account ID and <REGION> with the region to which you wish to send Security Hub Findings.

Notes:

  • Check Point log entries are transformed to AWS Security Hub Findings with Log Exporter. To view the full logs, use SmartConsole.
  • In the case of an MDS solution, the package must be installed on the log server.
