Voiced by Amazon Polly |
Overview
Maintaining a security posture is paramount in today’s dynamic cloud environments. Integrating Prisma Cloud with AWS Security Hub allows you to centralize visibility and monitor security and compliance risks across your AWS cloud assets. This integration provides a comprehensive view of resource misconfigurations, compliance violations, network security risks, and anomalous user activities from the AWS Security Hub console.
Pioneers in Cloud Consulting & Migration Services
- Reduced infrastructural costs
- Accelerated application deployment
Introduction
This integration helps streamline security operations, providing a unified view of potential threats and compliance issues.
Integration Process
Step 1: Attach AWS Security Hub Read-Only Policy
Log in to AWS Console:
- Navigate to the Identity and Access Management (IAM) section.
- Select “Roles” and search for the role used to onboard your AWS account to Prisma Cloud.
Attach Permissions:
- Click on the role name.
- Choose “Add permissions” and then “Attach Policies”.
- Search for “SecurityHubRead” and select “AWSSecurityHubReadOnlyAccess”.
- Attach the policy.
Step 2: Enable Prisma Cloud Integration in AWS Security Hub
- Sign Up for Prisma Cloud on AWS Security Hub.
- Log in to the AWS console and go to Security Hub.
- Navigate to Integrations and search for “Prisma Cloud Enterprise”.
- Find “Palo Alto Networks: Prisma Cloud Enterprise” and accept the findings.
Step 3: Set Up AWS Security Hub Integration in Prisma Cloud
- Log in to Prisma Cloud:
- Navigate to “Settings”> “Integrations”.
- Click “Add Integration” and select “AWS Security Hub”. This opens up a modal wizard.
- Configure Integration:
- Set the Integration Name to match the AWS account.
- Enter a description and select a region (if applicable).
- Review the summary, test the configuration, and save the integration.
- Verify Integration Status:
- Use the “Get Status” link in “Settings”> “Integrations” to periodically check the integration status.
Step 4: Configure Alert Rules
- Modify or Create Alert Rules:
- Go to “Alerts”> “Alert Rules” in Prisma Cloud.
- Create a new alert rule or modify an existing one.
- Specify the conditions for alert notifications and configure the notifications to be sent to AWS Security Hub.
Step 5: Email Notifications (Optional)
Customize Email Templates:
- Prisma Cloud provides a default email notification template, which can be customized using the in-app rich-text editor.
- Select “Alerts”> “Notification Templates” to add or modify a template.
- Configure the template to include relevant details and remediation instructions.
Configure Email Notification Settings:
- In “Alert Rules”, navigate to “Configure Notifications”> “Email”.
- Enter the email addresses of notification recipients and enable the toggle to send alerts.
- Optionally, select your custom email template and set the notification frequency.
- Viewing Alerts on AWS Security Hub
Once the integration is set up, you can view Prisma Cloud alerts directly on the AWS Security Hub console:
Log in to AWS Console:
- Go to Security Hub and click “Findings”.
- Select an alert title to view detailed descriptions and recommended actions.
Additional Considerations
For AWS Organization accounts, the integration needs to be set up for each child account individually to receive alerts for all linked accounts.
Integrating Prisma Cloud with AWS Security Hub can significantly enhance your ability to monitor and respond to security and compliance risks, ensuring a secure cloud environment.
Conclusion
Integrating Prisma Cloud with AWS Security Hub provides a powerful solution for centralizing the visibility and management of security and compliance risks across your AWS cloud assets. This integration enhances your ability to monitor and respond to threats, ensuring security posture. Following the steps outlined in this guide, you can set up this integration efficiently, enabling you to benefit from real-time alerts and detailed insights into your cloud environment. This centralized approach to security management streamlines operations and strengthens your overall cloud security strategy, helping you maintain compliance and protect your valuable data and resources.
Drop a query if you have any questions regarding Prisma Cloud or AWS Security Hub and we will get back to you quickly.
Making IT Networks Enterprise-ready – Cloud Management Services
- Accelerated cloud migration
- End-to-end view of the cloud environment
About CloudThat
CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.
CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, AWS GenAI Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, Amazon ECS Service Delivery Partner, AWS Glue Service Delivery Partner, Amazon Redshift Service Delivery Partner, AWS Control Tower Service Delivery Partner, AWS WAF Service Delivery Partner and many more.
To get started, go through our Consultancy page and Managed Services Package, CloudThat’s offerings.
FAQs
1. How does integrating Prisma Cloud and AWS Security Hub enhance security monitoring?
ANS: – Integrating Prisma Cloud with AWS Security Hub centralizes security visibility, enabling you to monitor security and compliance risks across your AWS cloud environment from a single console. This integration lets you receive detailed insights and alerts from Prisma Cloud directly within AWS Security Hub, providing a unified view of resource misconfigurations, compliance violations, network security risks, and anomalous user activities. This enhanced visibility helps streamline security operations and ensures a more robust security posture.
2. Can I customize the alerts sent from Prisma Cloud to AWS Security Hub?
ANS: – Yes, you can customize the alerts sent from Prisma Cloud to AWS Security Hub. In Prisma Cloud, you can create new alert rules or modify existing ones to specify the conditions under which alerts should be generated. Additionally, you can configure the alert notifications to be sent to AWS Security Hub, ensuring that the alerts align with your specific security requirements and policies.
WRITTEN BY Bhupesh .
Bhupesh is working as a Research Associate at CloudThat. He is passionate about learning and gaining industrial experience in cloud computing technologies like AWS and Azure. Bhupesh is also an excellent communicator and collaborator. He also proactively seeks new challenges and opportunities to learn and grow in his role. His passion for learning and exploring new technologies and his technical expertise make him a valuable member of any team working in the field.
Click to Comment