ministryofjustice / modernisation-platform

A place for the core work of the Modernisation Platform • This repository is defined and managed in Terraform
https://user-guide.modernisation-platform.service.justice.gov.uk
MIT License

Integrating AWS Security Hub Alerts into Slack via PagerDuty for High and Critical Findings #8076

Open sukeshreddyg opened 2 weeks ago

sukeshreddyg commented 2 weeks ago

User Story

As a security engineer, I need to set up an automated system that sends high or critical severity findings from AWS Security Hub in individual member accounts to Slack via PagerDuty. The solution should be deployed using our Baseline Module, ensuring that the security alerts follow predefined automation and infrastructure standards. The system must update the status of findings to Notified once they are processed.

Value / Purpose

This solution will enhance the team's visibility into critical security issues across all AWS accounts within the MP OU. By filtering and sending only high or critical severity findings to Slack through PagerDuty, it will prevent alert fatigue, improve incident response times, and ensure that findings are properly tracked with updated statuses.

Useful Contacts

No response

Additional Information

Architecture: Based on the provided architecture diagram, each member account uses AWS EventBridge and SNS to capture Security Hub findings. A Lambda function is then used to update the Security Hub finding's workflow status to "Notified" upon successful notification. Slack Integration: A separate Slack channel should be created to handle these alerts, ensuring that only relevant high/critical findings are posted for quick action.

[Image: architecture2 (architecture diagram)]

Definition of Done
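The EventBridge/SNS/Lambda flow described under Additional Information, as an added example that is not code from this repository or the issue author: a Lambda-style handler that unwraps the SNS envelope, keeps only HIGH/CRITICAL findings still in workflow status NEW, forwards each one, and marks only the successfully forwarded findings NOTIFIED via BatchUpdateFindings. The `notify` callable and the `securityhub` client are injected (hypothetical) so the logic runs offline; the sample event and product ARN are constructed.

```python
import json

ALERT_SEVERITIES = {"HIGH", "CRITICAL"}
PRODUCT_ARN = "arn:aws:securityhub:eu-west-2::product/aws/securityhub"  # constructed sample value

def unwrap(event):
    """Yield EventBridge events, unwrapping SNS envelopes (Records[].Sns.Message) when present."""
    if "Records" in event:
        for record in event["Records"]:
            yield json.loads(record["Sns"]["Message"])
    else:
        yield event

def select_findings(event):
    """HIGH/CRITICAL findings still in workflow status NEW from 'Security Hub Findings - Imported' events."""
    return [f for ev in unwrap(event) for f in ev.get("detail", {}).get("findings", [])
            if f.get("Severity", {}).get("Label") in ALERT_SEVERITIES
            and f.get("Workflow", {}).get("Status") == "NEW"]

def status_update_requests(findings, status="NOTIFIED"):
    """BatchUpdateFindings requests (API limit: 100 identifiers per call) setting the workflow status."""
    ids = [{"Id": f["Id"], "ProductArn": f["ProductArn"]} for f in findings]
    return [{"FindingIdentifiers": ids[i:i + 100], "Workflow": {"Status": status}}
            for i in range(0, len(ids), 100)]

def handler(event, notify, securityhub):
    """notify(finding) sends one alert (e.g. to PagerDuty); securityhub is a boto3 Security Hub client.
    Both are injected (hypothetical) so the logic runs offline. Only findings whose send succeeded
    are marked NOTIFIED; a failed send leaves the finding NEW so it is retried on the next delivery."""
    notified = []
    for f in select_findings(event):
        try:
            notify(f)
            notified.append(f)
        except Exception as exc:  # one bad send must not block the rest
            print(f"notify failed for {f['Id']}: {exc}")
    for req in status_update_requests(notified):
        securityhub.batch_update_findings(**req)
    return [f["Id"] for f in notified]

# Constructed sample event in the shape EventBridge emits (not real findings).
SAMPLE_EVENT = {
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        {"Id": "f-1", "ProductArn": PRODUCT_ARN, "Severity": {"Label": "CRITICAL"}, "Workflow": {"Status": "NEW"}},
        {"Id": "f-2", "ProductArn": PRODUCT_ARN, "Severity": {"Label": "LOW"}, "Workflow": {"Status": "NEW"}},
        {"Id": "f-3", "ProductArn": PRODUCT_ARN, "Severity": {"Label": "HIGH"}, "Workflow": {"Status": "NOTIFIED"}},
        {"Id": "f-4", "ProductArn": PRODUCT_ARN, "Severity": {"Label": "HIGH"}, "Workflow": {"Status": "NEW"}},
    ]},
}
```

In the deployed function the EventBridge rule's event pattern should already restrict on Severity.Label, so the in-code filter is a second check, not the only one.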

SimonPPledger commented 1 week ago

We have decided not to progress with this - at least for now - so closing

SimonPPledger commented 1 week ago

(closed the wrong ticket)