Enabling AWS Security Hub & GuardDuty in MDR

In August we are adding two new AWS connectors to the MDR Integrations EAP.

AWS Security Hub

This is a new connector that gathers alert information from AWS Security Hub and GuardDuty and generates detections for the XDR admin and the MDR Security Operations team. Configuring the connector requires access to the AWS Console, and Security Hub and GuardDuty must already be enabled in the AWS account and region the connector will read from.

Sophos Cloud Optix

This connector brings the detections from Optix into the data lake and the Detections console. For MDR accounts with Optix this information is already available to the MDR Security Operations team; we are simply adding the connector card to the list of connectors so there is one place to monitor every connector that is enabled.

Help pages

Security Hub - https://docs.sophos.com/central/Customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/Integrations/AWS/AWSSecHub/index.html

Optix - https://docs.sophos.com/central/Customer/help/en-us/index.html?contextID=optix

Video

I have included a 7-minute video showing how to set up the connectors and confirm the information is available in the console and to the MDR team. This includes a demonstration of how to use AWS to generate sample detections.

https://vimeo.com/manage/videos/742022112
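The connector prerequisites above (GuardDuty and Security Hub enabled) and the sample-detection step shown in the video can also be done from the AWS CLI. The script below is an added example and is not Sophos code or part of the connector; it assumes AWS CLI v2 with credentials for the target account, a region taken from the AWS_REGION variable (defaulting here to us-east-1), and the default Security Hub setting that forwards GuardDuty findings into Security Hub. The finding types passed to create-sample-findings are existing GuardDuty types; the script name used in the final guard is an assumption.

```shell
#!/bin/sh
# Added example (not Sophos's code): prepare an AWS account for the MDR
# Security Hub connector and generate sample findings to confirm the flow.
# Assumes AWS CLI v2 with credentials for the account the connector reads.
set -eu

: "${AWS_REGION:=us-east-1}"   # assumption: region the connector monitors

# Return the GuardDuty detector id for the region, creating one if absent.
# With --output text an empty DetectorIds list renders as "None".
guardduty_detector_id() {
    id=$(aws guardduty list-detectors --region "$AWS_REGION" \
            --query 'DetectorIds[0]' --output text)
    if [ -z "$id" ] || [ "$id" = "None" ]; then
        id=$(aws guardduty create-detector --enable --region "$AWS_REGION" \
                --query 'DetectorId' --output text)
    fi
    printf '%s\n' "$id"
}

# Enable Security Hub if it is not already on. describe-hub fails when the
# service is disabled, so it doubles as the idempotency check.
ensure_security_hub() {
    if aws securityhub describe-hub --region "$AWS_REGION" >/dev/null 2>&1; then
        echo enabled
        return 0
    fi
    aws securityhub enable-security-hub --enable-default-standards \
        --region "$AWS_REGION" >/dev/null
    echo created
}

# Ask GuardDuty to emit sample findings of the given types. With the default
# Security Hub integration they appear there too, which is what the MDR
# connector ingests.
generate_sample_findings() {
    det=$1
    shift
    aws guardduty create-sample-findings --region "$AWS_REGION" \
        --detector-id "$det" --finding-types "$@"
}

# Count active GuardDuty-sourced findings currently visible in Security Hub.
count_guardduty_findings() {
    aws securityhub get-findings --region "$AWS_REGION" \
        --filters '{"ProductName":[{"Value":"GuardDuty","Comparison":"EQUALS"}],"RecordState":[{"Value":"ACTIVE","Comparison":"EQUALS"}]}' \
        --max-results 100 --query 'length(Findings)' --output text
}

main() {
    det=$(guardduty_detector_id)
    echo "GuardDuty detector: $det"
    echo "Security Hub: $(ensure_security_hub)"
    generate_sample_findings "$det" \
        "Recon:EC2/PortProbeUnprotectedPort" \
        "UnauthorizedAccess:IAMUser/MaliciousIPCaller.Custom" \
        "Backdoor:EC2/C&CActivity.B!DNS"
    echo "Sample findings requested; GuardDuty takes a few minutes to publish."
    echo "GuardDuty findings in Security Hub now: $(count_guardduty_findings)"
}

# Only run main when executed as this script (assumed filename), so the
# functions can also be sourced from another shell.
[ "${0##*/}" = "enable_aws_connector.sh" ] && main "$@"
```

Run it once per region the connector should cover, then check that the sample findings show up as detections in Sophos Central and for the MDR team; Security Hub needs a few minutes after create-sample-findings before count_guardduty_findings reports them.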

Queries

We also have a query you can use to explore the Security Hub detections.

https://community.sophos.com/mdr-community-channel/mtr-connector-eap/i/queries/explore-security-hub-detections

Thanks

Karl