Configure CloudGuard Dome9 as an AWS Security Hub provider
Solution

Configure CloudGuard Dome9 as an AWS Security Hub integration

Table of Contents:

  • Configure an AWS IAM policy for CloudGuard Dome9
  • Subscribe to the CloudGuard Dome9 provider in Security Hub
  • Configure a Notification Policy on CloudGuard Dome9
  • Configure multiple AWS accounts to a single Security Hub
  • See also

You can configure CloudGuard Dome9 to send compliance notifications to AWS Security Hub. This applies to Continuous Compliance assessments only.

In order to receive Dome9 notifications in Security Hub, you must first onboard your AWS account to Dome9 (see Onboard an AWS account under See also). If you have already onboarded your AWS account, continue below.

In order for Dome9 to send compliance notifications to Security Hub, you must add an IAM policy to your AWS account, and configure Continuous Compliance assessments in Dome9 with a Notification Policy (Set up a Notification Policy).

When this is configured, a Security Hub finding (issue) is created for each rule that fails in an assessment, per ruleset and per cloud environment. If the same rule fails again in a subsequent assessment of the same ruleset and environment, the existing finding is updated and no new finding is created.

To view Dome9 findings in Security Hub, you must subscribe to Dome9 as a provider in the Security Hub console.

Note: this feature is available to selected customers only at this time.

Configure an AWS IAM policy for CloudGuard Dome9

Add this IAM policy in the AWS account whose findings will be sent to Security Hub. The policy is attached to the Dome9-Connect role that Dome9 assumes in that account, and it grants only the single API action needed to write findings (securityhub:BatchImportFindings); no other Security Hub permission is required.

  1. In the AWS console, navigate to the IAM dashboard.
  2. Select Roles in the navigation pane on the left, and then select the Dome9-Connect role.
  3. Select the Permissions tab, and then click Attach policies.
  4. Click Create policy, and then select the JSON tab.
  5. Add the following policy block:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "securityhub:BatchImportFindings",
      "Resource": "*"
    }
  ]
}
  6. Review the policy, give it a name, and create it; then return to the Dome9-Connect role and attach the new policy to it.
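The following added example (written for this article; it is not Check Point's or AWS's code) shows what the policy above authorises and why a rule that keeps failing does not produce a new issue on every assessment: findings are written with securityhub:BatchImportFindings, and Security Hub keys a finding on (ProductArn, Id), so a deterministic Id per account, region, ruleset, environment and rule makes a repeat failure an update rather than a new finding. Only the IAM policy text is taken from the article; the product ARN, ruleset, rule names, account ID and the in-memory FakeSecurityHub that stands in for the real API are assumptions and constructed sample data.

```python
"""Added example: ASFF findings with stable Ids, pushed through the one
permission the Dome9-Connect role is granted.  The product ARN, rules and
account ID are assumptions; FakeSecurityHub stands in for the real API."""
import hashlib
import json

# IAM policy copied from the article above.
DOME9_SECURITYHUB_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow",
     "Action": "securityhub:BatchImportFindings", "Resource": "*"}
  ]
}""")

# ASSUMED placeholder: use the ARN shown for the Check Point provider on the
# Security Hub Integrations page in your region.
PRODUCT_ARN_TEMPLATE = "arn:aws:securityhub:{region}::product/checkpoint/dome9-arc"
BATCH_LIMIT = 100  # BatchImportFindings accepts at most 100 findings per call


def allowed_actions(policy):
    """Least-privilege check: the set of actions granted by Allow statements."""
    granted = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"]
        granted.update([actions] if isinstance(actions, str) else actions)
    return granted


def finding_id(account_id, region, ruleset, environment, rule_id):
    """Same (account, region, ruleset, environment, rule) -> same Id, so a
    re-import of a still-failing rule updates the existing finding."""
    key = "|".join([account_id, region, ruleset, environment, rule_id])
    return hashlib.sha256(key.encode()).hexdigest()


def build_finding(account_id, region, ruleset, environment, rule, now):
    """Minimal ASFF finding for one failed compliance rule."""
    rule_id, title, severity, resource_arn = rule
    return {
        "SchemaVersion": "2018-10-08",
        "Id": finding_id(account_id, region, ruleset, environment, rule_id),
        "ProductArn": PRODUCT_ARN_TEMPLATE.format(region=region),
        "GeneratorId": f"{ruleset}/{rule_id}",
        "AwsAccountId": account_id,
        "Types": ["Software and Configuration Checks/Industry and Regulatory Standards"],
        "CreatedAt": now,
        "UpdatedAt": now,
        "Severity": {"Label": severity},
        "Title": title,
        "Description": f"Rule {rule_id} of ruleset '{ruleset}' failed in environment '{environment}'.",
        "Resources": [{"Type": "Other", "Id": resource_arn, "Region": region}],
        "Compliance": {"Status": "FAILED"},
        "RecordState": "ACTIVE",
    }


class FakeSecurityHub:
    """In-memory stand-in for Security Hub: an upsert keyed on (ProductArn, Id)."""

    def __init__(self):
        self.findings = {}

    def batch_import_findings(self, Findings):
        if len(Findings) > BATCH_LIMIT:
            raise ValueError("BatchImportFindings accepts at most 100 findings per call")
        for f in Findings:
            key = (f["ProductArn"], f["Id"])
            existing = self.findings.get(key)
            if existing:  # stand-in behaviour: keep the first CreatedAt, refresh the rest
                f = {**f, "CreatedAt": existing["CreatedAt"]}
            self.findings[key] = f
        return {"SuccessCount": len(Findings), "FailedCount": 0, "FailedFindings": []}


def run_assessment(hub, account_id, region, ruleset, environment, failed_rules, now):
    """Push one assessment's failed rules, chunked to the API limit; returns the count imported."""
    findings = [build_finding(account_id, region, ruleset, environment, r, now) for r in failed_rules]
    imported = 0
    for i in range(0, len(findings), BATCH_LIMIT):
        imported += hub.batch_import_findings(Findings=findings[i:i + BATCH_LIMIT])["SuccessCount"]
    return imported


if __name__ == "__main__":
    # Constructed sample: two rules fail, then one of them fails again the next day.
    hub = FakeSecurityHub()
    rules = [("1.1", "Avoid use of the root account", "HIGH", "arn:aws:iam::123456789012:root"),
             ("2.1", "Ensure CloudTrail is enabled in all regions", "MEDIUM",
              "arn:aws:cloudtrail:us-east-1:123456789012:trail/main")]
    run_assessment(hub, "123456789012", "us-east-1", "AWS CIS Foundations", "production", rules, "2024-05-01T00:00:00Z")
    run_assessment(hub, "123456789012", "us-east-1", "AWS CIS Foundations", "production", rules[:1], "2024-05-02T00:00:00Z")
    print(len(hub.findings), "findings in Security Hub after two assessments")
    print("actions granted by the policy:", allowed_actions(DOME9_SECURITYHUB_POLICY))
```

Running it imports two findings, then re-imports one of them; the second run leaves the count at two and only refreshes UpdatedAt, which is the "no new issue" behaviour described above. A different environment or ruleset hashes to a different Id and does create a separate finding.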

Subscribe to the CloudGuard Dome9 integration in Security Hub

  1. In the AWS Security Hub console, navigate to the Integrations page.
  2. Select Check Point: Dome9 Arc as a provider, and click Enable integration. Security Hub is regional, so enable the integration in the region you will select in the Dome9 notification policy below.

Configure a Notification Policy on CloudGuard Dome9

Add a notification policy in Dome9 to forward Continuous Compliance findings to Security Hub.

  1. In the Dome9 console, navigate to the Continuous Compliance page in the Compliance & Governance menu.
  2. Click Manage Notifications, in the upper right. This will open the Notification Policy window, with a list of existing policies on the left, and a form to define a new policy on the right.
  3. If you want to configure notifications to AWS Security Hub as part of an existing policy, select it from the list on the left; otherwise enter a name for a new policy.
  4. Check the option Send findings to AWS Security Hub in the Security Management Systems section.

  5. Enter your AWS Cloud Account ID.
  6. Select a Region. This must be the region in which Security Hub is enabled for that account and in which you enabled the Check Point integration.
    Note: only some AWS regions support Security Hub.
  7. Click Test to check the connection to AWS (this step is mandatory).
  8. Click Create.

Configure multiple AWS accounts to a single Security Hub

You can associate other AWS accounts with a single master account (now called the administrator account in AWS), to view findings for all of them on the Security Hub dashboard of the master account. This association is done in the AWS Security Hub console.

To do this, follow these steps:

  1. The associated accounts from which you want to see Dome9 findings must be onboarded to Dome9 (if they are not, see Onboard an AWS account under See also).
  2. The associated accounts must be linked to the master account in AWS (in the Security Hub console).
  3. Create a Dome9 Continuous Compliance Notification Policy that directs findings to the master account in AWS Security Hub, and apply this policy to each of the accounts, including the master account (see Configure a Notification Policy on CloudGuard Dome9 above).


See also

Continuous Compliance

Onboard an AWS account

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
