Cloud Security Operations with AWS Security Hub and Prisma Cloud Integration

Overview

Maintaining a strong security posture is paramount in today’s dynamic cloud environments. Integrating Prisma Cloud with AWS Security Hub allows you to centralize visibility and monitor security and compliance risks across your AWS cloud assets. This integration provides a comprehensive view of resource misconfigurations, compliance violations, network security risks, and anomalous user activities from the AWS Security Hub console.

Introduction

AWS Security Hub is a central console for managing and monitoring your security posture. By integrating with Prisma Cloud, you can enhance this capability to include detailed insights and alerts from your cloud assets.

This integration helps streamline security operations, providing a unified view of potential threats and compliance issues.

Integration Process

Step 1: Attach AWS Security Hub Read-Only Policy

Log in to AWS Console:

  • Navigate to the Identity and Access Management (IAM) section.
  • Select “Roles” and search for the role used to onboard your AWS account to Prisma Cloud.

Attach Permissions:

  • Click on the role name.
  • Choose “Add permissions” and then “Attach Policies”.

  • Search for “SecurityHubRead” and select “AWSSecurityHubReadOnlyAccess”.
  • Attach the policy.

Step 2: Enable Prisma Cloud Integration in AWS Security Hub

  • Sign Up for Prisma Cloud on AWS Security Hub.
  • Log in to the AWS console and go to Security Hub.
  • Navigate to Integrations and search for “Prisma Cloud Enterprise”.
  • Find “Palo Alto Networks: Prisma Cloud Enterprise” and accept the findings.

Step 3: Set Up AWS Security Hub Integration in Prisma Cloud

Log in to Prisma Cloud:

  • Navigate to “Settings” > “Integrations”.
  • Click “Add Integration” and select “AWS Security Hub”. This opens up a modal wizard.

Configure Integration:

  • Set the Integration Name to match the AWS account.
  • Enter a description and select a region (if applicable).
  • Review the summary, test the configuration, and save the integration.

Verify Integration Status:

  • Use the “Get Status” link in “Settings” > “Integrations” to periodically check the integration status.

Step 4: Configure Alert Rules

Modify or Create Alert Rules:

  • Go to “Alerts” > “Alert Rules” in Prisma Cloud.
  • Create a new alert rule or modify an existing one.
  • Specify the conditions for alert notifications and configure the notifications to be sent to AWS Security Hub.

Step 5: Email Notifications (Optional)

Customize Email Templates:

  • Prisma Cloud provides a default email notification template, which can be customized using the in-app rich-text editor.
  • Select “Alerts” > “Notification Templates” to add or modify a template.
  • Configure the template to include relevant details and remediation instructions.

Configure Email Notification Settings:

  • In “Alert Rules”, navigate to “Configure Notifications” > “Email”.
  • Enter the email addresses of notification recipients and enable the toggle to send alerts.
  • Optionally, select your custom email template and set the notification frequency.

Viewing Alerts on AWS Security Hub

Once the integration is set up, you can view Prisma Cloud alerts directly on the AWS Security Hub console:

Log in to AWS Console:

  • Go to Security Hub and click “Findings”.
  • Select an alert title to view detailed descriptions and recommended actions.

Additional Considerations

For AWS Organization accounts, the integration needs to be set up for each child account individually to receive alerts for all linked accounts.
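
To check the per-account requirement above against what actually reaches the Findings view, the following added example (not code from CloudThat or Palo Alto Networks) takes findings exported in ASFF JSON, for instance from `aws securityhub get-findings`, counts active Prisma Cloud findings per account, and lists organization accounts that have sent none. The `ProductArn` marker is an assumption to confirm in your console, and the account IDs and findings are constructed sample data.

```python
import json

# Assumption: substring that identifies Prisma Cloud in a finding's ProductArn.
# Confirm the exact ARN on the Security Hub "Integrations" page for your region.
PRISMA_MARKER = "product/paloaltonetworks/"

# Constructed sample in ASFF shape, as returned under "Findings" by
# `aws securityhub get-findings`. Account IDs and titles are made up.
SAMPLE = json.loads("""
{"Findings": [
  {"AwsAccountId": "111111111111", "RecordState": "ACTIVE",
   "ProductArn": "arn:aws:securityhub:us-east-1::product/paloaltonetworks/redlock",
   "Title": "S3 bucket is publicly readable", "Severity": {"Label": "HIGH"}},
  {"AwsAccountId": "111111111111", "RecordState": "ACTIVE",
   "ProductArn": "arn:aws:securityhub:us-east-1::product/paloaltonetworks/redlock",
   "Title": "Security group allows 0.0.0.0/0 on port 22", "Severity": {"Label": "MEDIUM"}},
  {"AwsAccountId": "222222222222", "RecordState": "ARCHIVED",
   "ProductArn": "arn:aws:securityhub:us-east-1::product/paloaltonetworks/redlock",
   "Title": "IAM user without MFA", "Severity": {"Label": "LOW"}},
  {"AwsAccountId": "333333333333", "RecordState": "ACTIVE",
   "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/guardduty",
   "Title": "Finding from another product", "Severity": {"Label": "HIGH"}}
]}
""")
# Constructed list of accounts in the AWS Organization.
ORG_ACCOUNTS = ["111111111111", "222222222222", "333333333333", "444444444444"]


def coverage_report(findings, org_accounts, marker=PRISMA_MARKER):
    """Return (active severity counts per account, accounts with no Prisma findings)."""
    seen, active = set(), {}
    for f in findings:
        if marker not in f.get("ProductArn", ""):
            continue  # finding came from a different Security Hub product
        account = f["AwsAccountId"]
        seen.add(account)  # archived findings still prove the integration delivers
        if f.get("RecordState") == "ACTIVE":
            label = f.get("Severity", {}).get("Label", "INFORMATIONAL")
            counts = active.setdefault(account, {})
            counts[label] = counts.get(label, 0) + 1
    # Silent accounts are candidates for a missing per-account integration,
    # not proof of one: an account may simply have triggered no alert rule.
    silent = sorted(set(org_accounts) - seen)
    return active, silent


if __name__ == "__main__":
    active, silent = coverage_report(SAMPLE["Findings"], ORG_ACCOUNTS)
    for account, counts in sorted(active.items()):
        print(account, counts)
    print("no Prisma Cloud findings from:", ", ".join(silent))
```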

Integrating Prisma Cloud with AWS Security Hub can significantly enhance your ability to monitor and respond to security and compliance risks, ensuring a secure cloud environment.

Conclusion

Integrating Prisma Cloud with AWS Security Hub provides a powerful solution for centralizing the visibility and management of security and compliance risks across your AWS cloud assets. This integration enhances your ability to monitor and respond to threats, strengthening your security posture. By following the steps outlined in this guide, you can set up this integration efficiently and benefit from real-time alerts and detailed insights into your cloud environment. This centralized approach to security management streamlines operations and strengthens your overall cloud security strategy, helping you maintain compliance and protect your valuable data and resources.

FAQs

1. How does integrating Prisma Cloud and AWS Security Hub enhance security monitoring?

ANS: – Integrating Prisma Cloud with AWS Security Hub centralizes security visibility, enabling you to monitor security and compliance risks across your AWS cloud environment from a single console. This integration lets you receive detailed insights and alerts from Prisma Cloud directly within AWS Security Hub, providing a unified view of resource misconfigurations, compliance violations, network security risks, and anomalous user activities. This enhanced visibility helps streamline security operations and ensures a more robust security posture.

2. Can I customize the alerts sent from Prisma Cloud to AWS Security Hub?

ANS: – Yes, you can customize the alerts sent from Prisma Cloud to AWS Security Hub. In Prisma Cloud, you can create new alert rules or modify existing ones to specify the conditions under which alerts should be generated. Additionally, you can configure the alert notifications to be sent to AWS Security Hub, ensuring that the alerts align with your specific security requirements and policies.

Written by Bhupesh

Bhupesh is working as a Research Associate at CloudThat. He is passionate about learning and gaining industrial experience in cloud computing technologies like AWS and Azure. Bhupesh is also an excellent communicator and collaborator. He also proactively seeks new challenges and opportunities to learn and grow in his role. His passion for learning and exploring new technologies and his technical expertise make him a valuable member of any team working in the field.
