Security Hub

Currently in Preview

About Security Hub

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. AWS Security Hub continuously monitors your environment using automated security checks based on the AWS best practices and industry standards that your organization follows.

Integrating the Security Hub Channel with Trend Micro - Cloud One

Using an AWS Security Hub integration channel, you can send security events and assessments from Cloud One services into AWS Security Hub. This allows you to analyze Trend Micro Cloud One data alongside data from AWS cloud-native security solutions such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyzer, AWS Systems Manager, and AWS Firewall Manager. Security Hub is a single place that can aggregate, organize, prioritize, and automate the remediation of security alerts, or findings.

We currently only support Cloud One Container Security Runtime Events.

See the table below for supported Cloud One access roles.

We do not currently support Custom roles in the Preview release.

| Cloud One Account Role | Create | List | Update | Delete |
|---|---|---|---|---|
| Full Access | Yes | Yes | Yes | Yes |
| Read Only | No | Yes | No | No |

Setting up Security Hub integration

Security Hub integration can be set up by using the Cloud One Integrations API. Please refer to the API reference documentation for how to set up your first integration.

As part of the Cloud One registration with Security Hub, a one-time test finding is created in AWS Security Hub and placed in a Resolved workflow state.

Setting up an IAM role for cross account access via AWS Console

You will first need to set up an IAM role for cross-account access to give Trend Micro Cloud One permission to push findings to your AWS Security Hub.

  1. Create a new IAM policy that allows BatchImportFindings on your Security Hub resource(s).

    IAM Policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
              "securityhub:BatchImportFindings"
          ],
          "Resource": "YOUR_SECURITY_HUB_ARN"
        }
      ]
    }
  2. Create a new IAM role to provide the cross-account access to Trend Micro:

    • For Trusted entity type, select AWS Account
    • For Account ID, type the Trend Micro AWS Account 868324285112
    • Select Require external ID and enter your Cloud One account ID in the field that appears
    • Add the IAM policy you’ve created in Step 1

    Trust Policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
              "AWS": "arn:aws:iam::868324285112:root"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
              "StringEquals": {
                  "sts:ExternalId": "YOUR_CLOUD_ONE_ACCOUNT_ID"
              }
          }
        }
      ]
    }
  3. Copy and save the Role ARN.

You will need this Role ARN when integrating your AWS Security Hub with Trend Micro Cloud One using the API reference.
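Before saving the Role ARN, the two policy documents from steps 1 and 2 can be checked offline against what this page specifies. The following is an added example, not Trend Micro or AWS code: the function names, the `EXTERNAL_ID` value and the sample documents are constructed for illustration, and the check flags any trust policy without the external ID condition and any permissions policy broader than `securityhub:BatchImportFindings`.

```python
import copy

TREND_MICRO_PRINCIPAL = "arn:aws:iam::868324285112:root"  # principal from this page
ALLOWED_ACTIONS = {"securityhub:BatchImportFindings"}     # only action the page grants

def _as_list(value):
    """IAM accepts a string or a list in these fields; normalize to a list."""
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy, external_id):
    """Return problems in the role trust policy; an empty list matches the page."""
    problems = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not (isinstance(principal, dict) and set(principal) == {"AWS"}
                and _as_list(principal["AWS"]) == [TREND_MICRO_PRINCIPAL]):
            problems.append(f"unexpected principal: {principal!r}")
        if _as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            problems.append(f"unexpected action: {stmt.get('Action')!r}")
        required = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if _as_list(required) != [external_id]:
            problems.append("sts:ExternalId is missing or is not the Cloud One account ID")
    return problems

def check_permissions_policy(policy):
    """Return problems in the permissions policy; an empty list matches the page."""
    problems = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        extra = set(_as_list(stmt.get("Action", []))) - ALLOWED_ACTIONS
        if extra:
            problems.append(f"actions beyond BatchImportFindings: {sorted(extra)}")
        if "*" in _as_list(stmt.get("Resource", [])):
            problems.append("Resource is '*'; the page scopes it to a Security Hub ARN")
    return problems

# Constructed sample documents (not real account data).
EXTERNAL_ID = "123456789012"  # constructed stand-in for a Cloud One account ID
GOOD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": TREND_MICRO_PRINCIPAL},
    "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}}]}
NO_EXTERNAL_ID = copy.deepcopy(GOOD_TRUST)
del NO_EXTERNAL_ID["Statement"][0]["Condition"]  # role assumable without external ID
GOOD_PERMS = {"Statement": [{"Effect": "Allow", "Resource": "YOUR_SECURITY_HUB_ARN",
    "Action": ["securityhub:BatchImportFindings"]}]}
BROAD_PERMS = {"Statement": [{"Effect": "Allow", "Action": "securityhub:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(check_trust_policy(NO_EXTERNAL_ID, EXTERNAL_ID))
    print(check_permissions_policy(BROAD_PERMS))
```

To check a real role, replace the constructed samples with the JSON shown for the role's trust relationship and attached policy in the IAM console.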