AWS-SecurityHub-Security-Hub
Owned by: naveen
Last updated: Jun 15, 2022
Severity: High
Description: Ensures Security Hub is enabled.
Blue Hexagon Proprietary