
Ingest and enrich AWS Security Hub findings with Dynatrace

Dynatrace integrates with AWS Security Hub to unify, visualize, and automate security findings across tools and environments. Adding Dynatrace runtime context to security findings allows smarter prioritization, helps reduce the noise from alerts, and focuses your DevSecOps teams on efficiently remedying the critical issues affecting your production environments and applications.

AWS Security Hub findings

AWS Security Hub provides a great way of aggregating security findings, especially those related to cloud infrastructure. The main categories are detections, vulnerabilities, and compliance misconfigurations. Third-party findings can be explored alongside AWS-native security findings.

Findings from various stages of the Software Development Lifecycle (SDLC) are mixed in: code scans, build scans, and runtime. This can sometimes make it difficult to connect the dots, see the unified picture, and understand the actual impact.

It can also be challenging to construct a full view of one’s security exposures when analyzing security findings across various environments and cloud infrastructures.

Moreover, findings can come from various types of environments: development, testing, and production. This increases the number of findings to prioritize. The amount of noise generated also rises, along with the probability of missing critical issues.

Additional context is required to efficiently filter out the less important findings and focus on the real critical issues that directly impact your production applications.

Add context to AWS Security Hub findings

The Dynatrace platform, powered by OpenPipeline™, provides unified security event ingest and analysis across tools and cloud environments. Findings are mapped to Dynatrace semantic conventions and stored in the Grail™ data lakehouse, allowing you to uniformly access and analyze your ingested data.

Dashboards, Notebooks and Security Investigator apps help you to visualize the security findings. Workflows serves as the automation engine to efficiently process and triage the security findings, create working tickets for your DevSecOps teams, and send notifications to the relevant stakeholders.

Supported findings can be mapped to the monitored runtime entities, which enables you to assess the risks and impact of the findings within the context of your business-critical services and applications. This is the key to smarter prioritization and noise reduction.

In addition to the unified analysis and prioritization of security findings, users gain insight into their security product coverage, identify gaps, and assess the effectiveness of their security tooling. Dynatrace helps answer questions such as: Which tools cover what parts of my environment? Where do I have security assessment gaps? And, which tools generate the most value?

Security findings dashboard in Dynatrace screenshot

How it works

The AWS Security Hub integration uses Amazon EventBridge as the transit point for forwarding security findings to Dynatrace in the AWS Security Finding Format (ASFF).

Dynatrace supports the ASFF format out of the box, processing and mapping the three security finding types (detections, vulnerabilities, and compliance) to the Dynatrace Semantic Dictionary and storing them in Grail as events.
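As an added illustration (not Dynatrace or AWS code), this Python sketch unpacks a constructed EventBridge event and buckets each ASFF finding into the three types named above. The bucketing rules are assumptions built on the ASFF `Types`, `Vulnerabilities` and `Compliance` fields, not Dynatrace's actual mapping.

```python
import json
from collections import Counter

# Constructed sample event in the EventBridge envelope Security Hub uses;
# all finding values are made up, and the CVE id is a placeholder.
SAMPLE_EVENT = json.loads("""
{"source": "aws.securityhub",
 "detail-type": "Security Hub Findings - Imported",
 "detail": {"findings": [
  {"Id": "example-1", "Severity": {"Label": "HIGH"},
   "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"],
   "Vulnerabilities": [{"Id": "CVE-0000-0000"}]},
  {"Id": "example-2", "Severity": {"Label": "MEDIUM"},
   "Types": ["TTPs/Discovery/Recon:EC2-PortProbeUnprotectedPort"]},
  {"Id": "example-3", "Severity": {"Label": "LOW"},
   "Types": ["Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"],
   "Compliance": {"Status": "FAILED"}},
  {"Id": "example-4"}
 ]}}
""")

def findings_from_event(event):
    """Return the ASFF findings carried by a Security Hub EventBridge event."""
    if event.get("source") != "aws.securityhub":
        raise ValueError("unexpected event source: %r" % event.get("source"))
    if event.get("detail-type") != "Security Hub Findings - Imported":
        return []  # this sketch handles imported findings only
    return (event.get("detail") or {}).get("findings") or []

def classify(finding):
    """Heuristic bucket for one ASFF finding (assumed rules, see lead-in)."""
    if finding.get("Vulnerabilities"):
        return "vulnerability"
    if (finding.get("Compliance") or {}).get("Status"):
        return "compliance"
    types = [t.lower() for t in finding.get("Types") or []]
    if any("/vulnerabilities" in t for t in types):
        return "vulnerability"
    if any(t.startswith(("ttps", "effects", "unusual behaviors")) for t in types):
        return "detection"
    return "unclassified"  # surfaced rather than silently dropped

def summarize(event):
    """Count findings per (bucket, severity label) for triage."""
    counts = Counter()
    for f in findings_from_event(event):
        counts[(classify(f), (f.get("Severity") or {}).get("Label", "UNKNOWN"))] += 1
    return dict(counts)
```

Findings that match none of the rules are counted as `unclassified` so that gaps in the mapping stay visible during triage.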

You can consume the ingested events via native Dynatrace® Apps, such as Dashboards, Notebooks, Workflows, and more.

AWS Security Hub integration with Dynatrace diagram

The AWS Security Hub integration app provides easy-to-follow steps to set up the integration and monitoring capabilities to ensure the integration runs properly.

We also provide you with several ready-made artifacts as part of the application to serve as a starting point for your analysis and automation:

  • Sample dashboards to visualize the security findings and assess the coverage.
  • Sample workflows to automate the orchestration of critical findings by creating notifications and tickets.

What's next

Read more about how to Ingest and enrich security findings delivered by Amazon EventBridge with Dynatrace, as well as how to Enrich Amazon ECR vulnerability findings with runtime context.

Also, visit Dynatrace Documentation to set up your integration and explore sample use cases.

Ready to explore the Dynatrace AWS Security Hub integration for yourself?