Configure CloudGuard as an AWS Security Hub provider
Solution

Table of Contents:

  • Configure an AWS IAM policy for CloudGuard
  • Subscribe to the CloudGuard integration in the Secure Hub
  • Configure a Notification on CloudGuard
  • Configure multiple AWS accounts to a single Secure Hub
  • See also

You can configure CloudGuard to send compliance notifications to the AWS Security Hub. This is for Continuous Posture assessments only.

To receive CloudGuard notifications on the Secure Hub, you must onboard your AWS account to CloudGuard. To do this, follow the steps here. If you have already onboarded your AWS account, continue below.

To ensure that CloudGuard sends compliance notifications to the Secure Hub, you must add an IAM policy to your AWS account and configure Continuous Posture assessments in CloudGuard with a Notification (Set up a Notification).

When this is configured, an issue is created for each rule that fails in an assessment, for each ruleset and environment. If the same issue occurs in a subsequent assessment, for the same ruleset and environment, a new issue is not created.
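The de-duplication described above is a property of how Security Hub ingests findings: an import whose Id and ProductArn match an existing finding updates that finding instead of creating a second one. The following added example (not part of this article, and not CloudGuard's code) models that behaviour in plain Python. The finding Id scheme, the PRODUCT_ARN placeholder and the sample account, ruleset and resource values are all constructed for illustration; the field names are the required fields of the AWS Security Finding Format (ASFF).

```python
"""Added example (not from the article): how a repeated finding updates the
existing Security Hub finding instead of creating a new one."""
import hashlib

# Constructed placeholder; the real provider ARN is assigned by Security Hub.
PRODUCT_ARN = "arn:aws:securityhub:REGION:ACCOUNT:product/EXAMPLE-PROVIDER"


def finding_id(account_id, region, ruleset, rule, resource_id):
    """Deterministic Id per (environment, ruleset, rule, resource).

    Assumption for illustration only: CloudGuard's actual Id format is not
    documented on this page. What matters is that the same failing rule on
    the same resource in the same environment always yields the same Id.
    """
    key = "|".join([account_id, region, ruleset, rule, resource_id])
    return hashlib.sha256(key.encode()).hexdigest()


def make_finding(account_id, region, ruleset, rule, resource_id, assessed_at):
    """Build a minimal ASFF-shaped finding for one failed rule."""
    return {
        "SchemaVersion": "2018-10-08",
        "Id": finding_id(account_id, region, ruleset, rule, resource_id),
        "ProductArn": PRODUCT_ARN,
        "GeneratorId": f"{ruleset}/{rule}",
        "AwsAccountId": account_id,
        "Types": ["Software and Configuration Checks/Industry and Regulatory Standards"],
        "CreatedAt": assessed_at,
        "UpdatedAt": assessed_at,
        "Severity": {"Label": "HIGH"},
        "Title": f"{rule} failed in ruleset {ruleset}",
        "Description": f"Resource {resource_id} does not comply with {rule}.",
        "Resources": [{"Type": "Other", "Id": resource_id, "Region": region}],
    }


def batch_import(store, findings):
    """Upsert findings keyed on (Id, ProductArn), as BatchImportFindings does.

    `store` stands in for the Security Hub finding store. Returns a
    (created, updated) tuple so a caller can see whether a second assessment
    produced new issues or only refreshed existing ones.
    """
    created = updated = 0
    for finding in findings:
        key = (finding["Id"], finding["ProductArn"])
        if key in store:
            # Existing issue: refresh UpdatedAt, keep the original CreatedAt.
            store[key]["UpdatedAt"] = finding["UpdatedAt"]
            updated += 1
        else:
            store[key] = dict(finding)
            created += 1
    return created, updated


if __name__ == "__main__":
    # Constructed sample: the same rule fails in two consecutive assessments.
    hub = {}
    first = make_finding("111111111111", "us-east-1", "Example Ruleset",
                         "Example Rule", "arn:aws:s3:::example-bucket",
                         "2024-01-01T00:00:00Z")
    second = dict(first, CreatedAt="2024-01-02T00:00:00Z",
                  UpdatedAt="2024-01-02T00:00:00Z")
    print(batch_import(hub, [first]))   # (1, 0): issue created
    print(batch_import(hub, [second]))  # (0, 1): same issue, updated only
```

If a rule stops failing, CloudGuard's next assessment simply does not re-import that Id; the existing finding keeps its last UpdatedAt, which is the signal to watch when triaging stale findings.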

To view CloudGuard findings on the Secure Hub, you must subscribe to CloudGuard as a provider on the Secure Hub console.

Configure an AWS IAM policy for CloudGuard

Add this IAM policy in the AWS account that receives alerts to the Secure Hub.

  1. In the AWS console, navigate to the IAM dashboard.
  2. Select Roles in the navigation pane on the left and then select the CloudGuard-Connect role.
  3. Select the Permissions tab and then click Attach policies.
  4. Click Create policy, and then select the JSON tab.
  5. Add the following policy block:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "securityhub:UpdateFindings",
        "securityhub:BatchImportFindings"
      ],
      "Resource": "*"
    }
  ]
}
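The policy above is deliberately narrow: the CloudGuard-Connect role only needs to import and update findings. Because the policy is pasted into the console by hand, it is worth checking the document before attaching it, so that a stray "securityhub:*" or "*" does not widen what the role can do. The following added example (not from this article or from Check Point) embeds the article's policy as a string and lints it offline; the EXPECTED_ACTIONS set and the helper names are the author's own.

```python
"""Added example (not part of the article): lint the CloudGuard Security Hub
IAM policy to confirm it grants exactly the two actions the integration needs."""
import fnmatch
import json

# The policy block from the article, embedded so the check runs offline.
CLOUDGUARD_SECURITYHUB_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "securityhub:UpdateFindings",
        "securityhub:BatchImportFindings"
      ],
      "Resource": "*"
    }
  ]
}
"""

# The only actions CloudGuard needs in order to write findings into Security Hub.
EXPECTED_ACTIONS = {"securityhub:BatchImportFindings", "securityhub:UpdateFindings"}


def _as_list(value):
    """IAM accepts a single string or a list for Statement/Action; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def allowed_actions(policy_doc):
    """Return the set of action patterns granted by Allow statements."""
    policy = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    actions = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions.update(_as_list(stmt.get("Action")))
    return actions


def policy_findings(policy_doc):
    """Return a list of problems; an empty list means the policy is scoped as intended."""
    problems = []
    granted = allowed_actions(policy_doc)
    for pattern in granted:
        # "securityhub:*" or "*" would let the role do far more than import findings.
        if "*" in pattern:
            problems.append(f"wildcard action grants more than required: {pattern}")
        elif pattern not in EXPECTED_ACTIONS:
            problems.append(f"unexpected action: {pattern}")
    # Each required action must be covered by a granted pattern (exact or IAM glob).
    for needed in sorted(EXPECTED_ACTIONS):
        if not any(fnmatch.fnmatchcase(needed, pattern) for pattern in granted):
            problems.append(f"missing required action: {needed}")
    return problems


if __name__ == "__main__":
    print(policy_findings(CLOUDGUARD_SECURITYHUB_POLICY) or "policy OK")
```

Run it against the JSON you are about to paste into the Create policy editor; any line of output is a reason to stop and correct the document before attaching it to CloudGuard-Connect.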

Subscribe to the CloudGuard integration in the Secure Hub

  1. In the AWS Secure Hub, navigate to the Integrations page.
  2. Select Check Point: CloudGuard Posture Management as a provider and click Enable integration.

Configure a Notification on CloudGuard

Add a notification in CloudGuard to forward continuous posture findings to the Secure Hub.

  1. In the CloudGuard portal, navigate to the Notifications page in the Settings menu. This opens the list of existing notifications.
  2. If you want to configure notifications to AWS Secure Hub as part of an existing policy, select it from the list on the left; otherwise, click Add Notification to define a new notification.
  3. Select the option Send findings to AWS Secure Hub in the Security Management Systems section.
  4. Select your AWS Cloud Account ID.
  5. Select a Region. This should be the region to which you are connected in AWS.
    Note: Only some AWS regions support Secure Hub.
  6. Click Test to check the connection to AWS (this step is mandatory).
  7. Click Save.

Configure multiple AWS accounts to a single Secure Hub

You can associate other AWS accounts with a single (master) account, so that event notifications for all of them appear on the Secure Hub dashboard of the master account. This is done on the AWS Secure Hub console page.

To do this, follow these steps:

  1. The associated accounts from which you want to see CloudGuard events must be onboarded to CloudGuard (if they are not, follow instructions here).
  2. The associated accounts must be linked to the master account in AWS (in the Secure Hub console).
  3. Create a CloudGuard Continuous Posture Notification that directs findings to the master account in the AWS Secure Hub and apply this policy to each of the accounts, including the master account (see Configure a Notification on CloudGuard above).


See also
