03 detection demo
Paul Duvall edited this page Jan 6, 2021 · 38 revisions
The code in this demo is from the AWS Security Hub Workshop authored by AWS.
- From your Cloud9 terminal, run the following commands to get the latest code from the AWS Security Hub Workshop.
```bash
mkdir ~/environment/csoa-3
cd ~/environment/csoa-3
git clone https://github.com/aws-samples/aws-security-hub-workshop.git
cd ~/environment/csoa-3/aws-security-hub-workshop/templates
```
- Launch the CloudFormation stack by running the command below.
```bash
aws cloudformation create-stack --stack-name csoa-3-securityhub \
  --capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND \
  --disable-rollback \
  --template-body file://sechub-workshop-setup-template.json \
  --parameters \
    ParameterKey=EnableGuardDuty,ParameterValue="Yes-Enable GuardDuty" \
    ParameterKey=EnableSecurityHub,ParameterValue="Yes-Enable Security Hub" \
    ParameterKey=EnableConfig,ParameterValue="Yes-Enable Config"
```
It takes about 4 minutes to launch AWS Security Hub and related stack resources in your AWS account.
After the CloudFormation stacks (main and nested stacks) are complete, go to the web consoles for Security Hub, Config, GuardDuty, Inspector, and Secrets Manager to see the resources that were created when launching the stack. See the links below.
- Go to the AWS CloudFormation Console (search for the stacks beginning with `csoa-3-`). There is one main stack and five nested stacks. These nested stacks provision the Security Hub, Config, GuardDuty, Inspector, and Secrets Manager resources.
- Go to the AWS Security Hub Console and click on the Summary, Security standards, Insights, Findings, and Integrations links.
- Go to the AWS Config Console and click on the Conformance packs, Rules, Resources, Aggregators, Rules, Resources, Authorizations, Advanced queries, and Settings links.
- Go to the Amazon GuardDuty Console.
- Go to the Amazon Inspector Console.
- Go to the AWS Secrets Manager Console.
- In your Cloud9 environment, go to the csoa-3/aws-security-hub-workshop/templates directory and open each of the files to review the contents.
- Once you've completed the demo, delete the CloudFormation stacks with the commands below.
```bash
aws s3api list-buckets --query 'Buckets[?starts_with(Name, `csoa-3-`) == `true`].[Name]' --output text | xargs -I {} aws s3 rb s3://{} --force
aws cloudformation delete-stack --stack-name csoa-3-securityhub
```
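
Because the stack is launched with `--disable-rollback`, a failed resource leaves the stacks in `CREATE_FAILED` instead of rolling back, so it is worth confirming that the one main stack and five nested stacks all reached `CREATE_COMPLETE` before reviewing the consoles. The script below is an added example, not part of the AWS workshop or this wiki; the function names, the nested stack names and the parent ID in the sample data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm the csoa-3 stacks finished creating.

# Live input, one line per stack: name<TAB>status<TAB>parent-id.
# In text output ParentId is "None" for the main (root) stack.
fetch_stacks() {
  aws cloudformation describe-stacks --output text \
    --query "Stacks[?starts_with(StackName, 'csoa-3-')].[StackName,StackStatus,ParentId]"
}

# Reads fetch_stacks-style lines on stdin. Returns 0 only when there is
# exactly 1 main stack and 5 nested stacks, all in CREATE_COMPLETE.
check_stacks() {
  awk -F'\t' '
    NF < 3 { next }
    $2 != "CREATE_COMPLETE" { printf "NOT READY  %s (%s)\n", $1, $2; bad++ }
    $3 == "None" { main++ }
    $3 != "None" { nested++ }
    END {
      printf "main=%d nested=%d not_complete=%d\n", main, nested, bad
      exit !(main == 1 && nested == 5 && bad == 0)
    }'
}

# Constructed samples: nested stack names and the parent ID are made up.
sample_ok() {
  printf '%s\t%s\t%s\n' \
    csoa-3-securityhub         CREATE_COMPLETE None \
    csoa-3-securityhub-NestedA CREATE_COMPLETE PARENT-ID-PLACEHOLDER \
    csoa-3-securityhub-NestedB CREATE_COMPLETE PARENT-ID-PLACEHOLDER \
    csoa-3-securityhub-NestedC CREATE_COMPLETE PARENT-ID-PLACEHOLDER \
    csoa-3-securityhub-NestedD CREATE_COMPLETE PARENT-ID-PLACEHOLDER \
    csoa-3-securityhub-NestedE CREATE_COMPLETE PARENT-ID-PLACEHOLDER
}
# Same layout, but one nested stack failed and took the main stack with it.
sample_failed() {
  sample_ok | sed -e '1s/CREATE_COMPLETE/CREATE_FAILED/' \
                  -e '4s/CREATE_COMPLETE/CREATE_FAILED/'
}

# Offline demo on the constructed data; against a real account run:
#   fetch_stacks | check_stacks
sample_ok | check_stacks
sample_failed | check_stacks || echo "stacks not ready: review the failed stack's events"
```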