monkey/docs/content/usage/integrations/aws-security-hub.md

---
title: "AWS Security Hub integration"
date: 2020-06-28T10:38:12+03:00
draft: false
description: "Correlate the Monkey's findings with the native security solutions and benchmark scores."
tags: ["aws", "integration"]
---

The Infection Monkey integration with the [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) allows anyone to verify and test the resilience of their AWS environment and correlate this information with the native security solutions and benchmark score.

![AWS security hub logo](/images/usage/integrations/AWS-Security-Hub-logo.png "AWS security hub logo")

The integration will send all Infection Monkey findings (typically 10 to 40) to the AWS Security Hub at the end of a breach simulation.

## Setup

If the correct AWS IAM role permissions have been set on the Monkey Island machine, it will automatically export its findings to the AWS Security Hub.

### Specific permissions required for the AWS Security Hub

- `"securityhub:UpdateFindings"`
- `"securityhub:BatchImportFindings"`


Note that this integration is specifically between your Monkey Island and the AWS Security Hub. The Infection Monkey is a free project, and there is no centralized infrastructure.

### Enabling finding reception

Before starting the scan, make sure that the AWS Security Hub is accepting findings by enabling the Infection Monkey integration. Find **GuardiCore: AWS Infection Monkey** integration on the list and click on **Accept findings**.

![Enabled integration](/images/usage/integrations/security-hub-enable-accepting-findings.png "Enabled integration")

## Integration details

The Infection Monkey reports the following types of issues to the AWS Security Hub: `Software and Configuration Checks/Vulnerabilities/CVE`.

Specifically, the Infection Monkey sends findings for all vulnerabilities it finds along with generic findings on the network (such as segmentation issues). Our normalized severity is 100, while most issues we report range between 1 and 10.

## Regions

The Infection Monkey is usable on all public AWS instances.

## Example

After setting up the Infection Monkey in AWS and attaching the correct IAM roles to your Monkey Island machine, the report findings were exported to the AWS Security Hub.

1. Navigate to `Findings`.
2. Click on a specific finding to see more details and possible solutions.

![AWS Security hub console example](/images/usage/integrations/security-hub-console-example.png "AWS Security hub console example")
Added some tags, AWS pages, and config note about it being incomplete for now 2020-06-28 16:35:16 +08:00			`---`
			`title: "AWS Security Hub integration"`
			`date: 2020-06-28T10:38:12+03:00`
			`draft: false`
			`description: "Correlate the Monkey's findings with the native security solutions and benchmark scores."`
			`tags: ["aws", "integration"]`
			`---`

			`The Infection Monkey integration with the [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) allows anyone to verify and test the resilience of their AWS environment and correlate this information with the native security solutions and benchmark score.`

			`![AWS security hub logo](/images/usage/integrations/AWS-Security-Hub-logo.png "AWS security hub logo")`

Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00			`The integration will send all Infection Monkey findings (typically 10 to 40) to the AWS Security Hub at the end of a breach simulation.`
Added some tags, AWS pages, and config note about it being incomplete for now 2020-06-28 16:35:16 +08:00
			`## Setup`

Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00			`If the correct AWS IAM role permissions have been set on the Monkey Island machine, it will automatically export its findings to the AWS Security Hub.`
Added some tags, AWS pages, and config note about it being incomplete for now 2020-06-28 16:35:16 +08:00
Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00			`### Specific permissions required for the AWS Security Hub`
Added some tags, AWS pages, and config note about it being incomplete for now 2020-06-28 16:35:16 +08:00
			- `"securityhub:UpdateFindings"`
			- `"securityhub:BatchImportFindings"`

Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00
			`Note that this integration is specifically between your Monkey Island and the AWS Security Hub. The Infection Monkey is a free project, and there is no centralized infrastructure.`
Added some tags, AWS pages, and config note about it being incomplete for now 2020-06-28 16:35:16 +08:00
Added missing security hub setup step to documentation 2020-10-15 16:24:24 +08:00			`### Enabling finding reception`

Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00			`Before starting the scan, make sure that the AWS Security Hub is accepting findings by enabling the Infection Monkey integration. Find GuardiCore: AWS Infection Monkey integration on the list and click on Accept findings.`
Added missing security hub setup step to documentation 2020-10-15 16:24:24 +08:00
			`![Enabled integration](/images/usage/integrations/security-hub-enable-accepting-findings.png "Enabled integration")`

Added some tags, AWS pages, and config note about it being incomplete for now 2020-06-28 16:35:16 +08:00			`## Integration details`

Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00			The Infection Monkey reports the following types of issues to the AWS Security Hub: `Software and Configuration Checks/Vulnerabilities/CVE`.
Added some tags, AWS pages, and config note about it being incomplete for now 2020-06-28 16:35:16 +08:00
Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00			`Specifically, the Infection Monkey sends findings for all vulnerabilities it finds along with generic findings on the network (such as segmentation issues). Our normalized severity is 100, while most issues we report range between 1 and 10.`
Added some tags, AWS pages, and config note about it being incomplete for now 2020-06-28 16:35:16 +08:00
			`## Regions`

			`The Infection Monkey is usable on all public AWS instances.`

			`## Example`

Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00			`After setting up the Infection Monkey in AWS and attaching the correct IAM roles to your Monkey Island machine, the report findings were exported to the AWS Security Hub.`
Added some tags, AWS pages, and config note about it being incomplete for now 2020-06-28 16:35:16 +08:00
			1. Navigate to `Findings`.
Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00			`2. Click on a specific finding to see more details and possible solutions.`
Added some tags, AWS pages, and config note about it being incomplete for now 2020-06-28 16:35:16 +08:00
docs: Fix image url for integration page 2020-09-04 00:08:18 +08:00			`![AWS Security hub console example](/images/usage/integrations/security-hub-console-example.png "AWS Security hub console example")`