Benchmark: 8. Take action on findings
Description
AWS Security Hub, Amazon GuardDuty, and AWS Identity and Access Management Access Analyzer are managed AWS services that provide you with actionable findings in your AWS accounts. They are easy to turn on and can integrate across multiple accounts. Turning them on is the first step. You also need to take action when you see findings.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-top-10Start the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 8. Take action on findings.
Run this benchmark in your terminal:
powerpipe benchmark run aws_top_10.benchmark.account_security_take_action_on_findingsSnapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_top_10.benchmark.account_security_take_action_on_findings --shareControls
- GuardDuty should be enabled
- GuardDuty Detector should not have high severity findings
- IAM Access analyzer should be enabled without findings
- AWS Security Hub should be enabled for an AWS Account