Operationalize AWS IAM monitoring by integrating k9 Security’s IAM access change analysis with AWS Security Hub. AWS Security Hub collects security data from your AWS accounts, services, and third parties such as k9 Security so that you can check your environment against security industry standards and best practices.
k9 Security’s IAM Access Analyzer now sends access analysis findings to Security Hub once you enable integration. Then you can review and remediate those findings within Security Hub or another integrated tool.
How k9 Security sends IAM access analysis findings to Security Hub
Security Hub tracks potential security issues as findings. k9 Security sends findings for important IAM access changes such as an IAM user or role becoming an IAM administrator.
The preceding image shows a finding for an IAM role that has been granted IAM administration capabilities. The finding’s description explains the implications of that change. The Notes section directs the analyst or engineer to k9 Security’s process for reviewing IAM administrators and the questions to ask.
Further, each finding is classified into one or more finding types based on the MITRE ATT&CK® framework.
The “IAM administrator added” finding is classified into two types:
Software and Configuration Checks/AWS Security Best Practices
These finding types allow analysts to focus on particular threats.
Enable k9 Security integration with Security Hub
To receive k9 Security’s access change notifications in Security Hub:
- Enable Security Hub in each monitored AWS account
- Subscribe to k9 Security in AWS Marketplace
- Configure k9 Security report and notification delivery using CloudFormation
- Configure k9 Security IAM access monitoring for accounts using CloudFormation
- Subscribe to k9 Security findings by navigating to the k9 Security option in the Security Hub Integrations in the AWS console and clicking ‘Accept Findings’