AWS Security Hub Integration
You can operationalize AWS IAM monitoring by integrating k9 Security’s IAM access change analysis with AWS Security Hub. AWS Security Hub collects security data from your AWS accounts, services, and third parties such as k9 Security so that you can check your environment against security industry standards and best practices.
k9 Security’s IAM Access Analyzer sends access analysis findings to Security Hub once you enable the integration. Then you can review and remediate those findings within Security Hub or another integrated tool.
IAM access analysis findings
k9 Security sends findings for important IAM access changes such as an IAM user or role becoming an IAM administrator:
The finding shows an IAM role that has been granted IAM administration capabilities. The finding’s description explains the implications of that change. The Notes section directs the analyst or engineer to k9 Security’s process for reviewing IAM administrators and questions to ask.
Further, each finding is classified into one or more finding types based on the MITRE ATT&CK® framework.
For example, the IAM administrator added finding is classified into two types:
- Software and Configuration Checks/AWS Security Best Practices
- TTPs/Privilege Escalation
These finding types allow analysts to focus on particular threats.
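As an added example (not k9 Security's or AWS's own code), the Python below shows one way to focus on a single finding type: it builds a filter in the shape of Security Hub's GetFindings Filters parameter and evaluates the same filter locally over findings. The sample findings are constructed, use only standard ASFF field names, and all helper names are hypothetical.

```python
# Added example. SAMPLE_FINDINGS is constructed data using ASFF field names;
# it is not real k9 Security output. Helper names are hypothetical.
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFORMATIONAL": 4}

def _f(fid, types, severity, workflow="NEW"):
    return {"Id": fid, "Types": types, "Severity": {"Label": severity},
            "RecordState": "ACTIVE", "Workflow": {"Status": workflow}}

BEST_PRACTICE = "Software and Configuration Checks/AWS Security Best Practices"
PRIV_ESC = "TTPs/Privilege Escalation"
SAMPLE_FINDINGS = [
    _f("example-4", [PRIV_ESC], "MEDIUM"),
    _f("example-1", [BEST_PRACTICE, PRIV_ESC], "HIGH"),
    _f("example-2", [BEST_PRACTICE], "MEDIUM"),
    _f("example-3", [PRIV_ESC], "CRITICAL", workflow="RESOLVED"),
]

def build_filters(type_prefix):
    """Filters in the shape of Security Hub's GetFindings 'Filters' parameter,
    e.g. boto3.client("securityhub").get_findings(Filters=build_filters(...))."""
    return {
        "Type": [{"Value": type_prefix, "Comparison": "PREFIX"}],
        "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
        "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"}],
    }

def _values(finding, field):
    # Map a filter field name to the finding attribute(s) it tests.
    return {"Type": finding.get("Types", []),
            "RecordState": [finding.get("RecordState", "")],
            "WorkflowStatus": [finding.get("Workflow", {}).get("Status", "")]}[field]

def _compare(value, cond):
    if cond["Comparison"] == "PREFIX":
        return value.startswith(cond["Value"])
    if cond["Comparison"] == "EQUALS":
        return value == cond["Value"]
    raise ValueError("unsupported comparison: " + cond["Comparison"])

def matches(finding, filters):
    # Local evaluation for offline triage: AND across fields, OR within a field.
    return all(any(_compare(v, c) for v in _values(finding, f) for c in conds)
               for f, conds in filters.items())

def triage(findings, type_prefix):
    """Open findings whose type starts with type_prefix, most severe first."""
    hits = [f for f in findings if matches(f, build_filters(type_prefix))]
    return sorted(hits, key=lambda f: SEVERITY_RANK.get(f["Severity"]["Label"], 99))
```

Filtering on the prefix "TTPs" instead of the full type string selects every TTP-classified finding, not only privilege escalation.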
To receive k9 Security’s access change notifications in Security Hub: