Cloud Security Operations with AWS Security Hub and Prisma Cloud Integration

Overview

Maintaining a security posture is paramount in today’s dynamic cloud environments. Integrating Prisma Cloud with AWS Security Hub allows you to centralize visibility and monitor security and compliance risks across your AWS cloud assets. This integration provides a comprehensive view of resource misconfigurations, compliance violations, network security risks, and anomalous user activities from the AWS Security Hub console.

Pioneers in Cloud Consulting & Migration Services

Reduced infrastructural costs
Accelerated application deployment

Get Started

Introduction

AWS Security Hub is a central console for managing and monitoring your security posture. By integrating with Prisma Cloud, you can enhance this capability to include detailed insights and alerts from your cloud assets.

This integration helps streamline security operations, providing a unified view of potential threats and compliance issues.

Integration Process

Step 1: Attach AWS Security Hub Read-Only Policy

Log in to AWS Console:

Navigate to the Identity and Access Management (IAM) section.
Select “Roles” and search for the role used to onboard your AWS account to Prisma Cloud.

Attach Permissions:

Click on the role name.
Choose “Add permissions” and then “Attach Policies”.

step1

Search for “SecurityHubRead” and select “AWSSecurityHubReadOnlyAccess”.
Attach the policy.

Step 2: Enable Prisma Cloud Integration in AWS Security Hub

Sign Up for Prisma Cloud on AWS Security Hub.
Log in to the AWS console and go to Security Hub.
Navigate to Integrations and search for “Prisma Cloud Enterprise”.
Find “Palo Alto Networks: Prisma Cloud Enterprise” and accept the findings.

step2

Step 3: Set Up AWS Security Hub Integration in Prisma Cloud

Log in to Prisma Cloud:
Navigate to “Settings”> “Integrations”.
Click “Add Integration” and select “AWS Security Hub”. This opens up a modal wizard.
Configure Integration:
Set the Integration Name to match the AWS account.
Enter a description and select a region (if applicable).
Review the summary, test the configuration, and save the integration.
Verify Integration Status:
Use the “Get Status” link in “Settings”> “Integrations” to periodically check the integration status.

step3

Step 4: Configure Alert Rules

Modify or Create Alert Rules:
Go to “Alerts”> “Alert Rules” in Prisma Cloud.
Create a new alert rule or modify an existing one.
Specify the conditions for alert notifications and configure the notifications to be sent to AWS Security Hub.

Step 5: Email Notifications (Optional)

Customize Email Templates:

Prisma Cloud provides a default email notification template, which can be customized using the in-app rich-text editor.
Select “Alerts”> “Notification Templates” to add or modify a template.
Configure the template to include relevant details and remediation instructions.

Configure Email Notification Settings:

In “Alert Rules”, navigate to “Configure Notifications”> “Email”.
Enter the email addresses of notification recipients and enable the toggle to send alerts.
Optionally, select your custom email template and set the notification frequency.
Viewing Alerts on AWS Security Hub

Once the integration is set up, you can view Prisma Cloud alerts directly on the AWS Security Hub console:

step5

Log in to AWS Console:

Go to Security Hub and click “Findings”.
Select an alert title to view detailed descriptions and recommended actions.

Additional Considerations

For AWS Organization accounts, the integration needs to be set up for each child account individually to receive alerts for all linked accounts.

Integrating Prisma Cloud with AWS Security Hub can significantly enhance your ability to monitor and respond to security and compliance risks, ensuring a secure cloud environment.

Conclusion

Integrating Prisma Cloud with AWS Security Hub provides a powerful solution for centralizing the visibility and management of security and compliance risks across your AWS cloud assets. This integration enhances your ability to monitor and respond to threats, ensuring security posture. Following the steps outlined in this guide, you can set up this integration efficiently, enabling you to benefit from real-time alerts and detailed insights into your cloud environment. This centralized approach to security management streamlines operations and strengthens your overall cloud security strategy, helping you maintain compliance and protect your valuable data and resources.

Drop a query if you have any questions regarding Prisma Cloud or AWS Security Hub and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

Accelerated cloud migration
End-to-end view of the cloud environment

Get Started

About CloudThat

CloudThat is an award-winning company and the first in India to offer cloud training and consulting services worldwide. As a Microsoft Solutions Partner, AWS Advanced Tier Training Partner, and Google Cloud Platform Partner, CloudThat has empowered over 850,000 professionals through 600+ cloud certifications winning global recognition for its training excellence including 20 MCT Trainers in Microsoft’s Global Top 100 and an impressive 12 awards in the last 8 years. CloudThat specializes in Cloud Migration, Data Platforms, DevOps, IoT, and cutting-edge technologies like Gen AI & AI/ML. It has delivered over 500 consulting projects for 250+ organizations in 30+ countries as it continues to empower professionals and enterprises to thrive in the digital-first world.

FAQs

1. How does integrating Prisma Cloud and AWS Security Hub enhance security monitoring?

ANS: – Integrating Prisma Cloud with AWS Security Hub centralizes security visibility, enabling you to monitor security and compliance risks across your AWS cloud environment from a single console. This integration lets you receive detailed insights and alerts from Prisma Cloud directly within AWS Security Hub, providing a unified view of resource misconfigurations, compliance violations, network security risks, and anomalous user activities. This enhanced visibility helps streamline security operations and ensures a more robust security posture.

2. Can I customize the alerts sent from Prisma Cloud to AWS Security Hub?

ANS: – Yes, you can customize the alerts sent from Prisma Cloud to AWS Security Hub. In Prisma Cloud, you can create new alert rules or modify existing ones to specify the conditions under which alerts should be generated. Additionally, you can configure the alert notifications to be sent to AWS Security Hub, ensuring that the alerts align with your specific security requirements and policies.

WRITTEN BY Bhupesh .

Bhupesh is a Senior Research Associate at CloudThat, with deep expertise in cloud computing, especially AWS. He excels in designing, deploying, and optimizing solutions using AWS services and is adept at leveraging Terraform and other modern infrastructure-as-code tools to achieve robust, scalable architectures. Known for his outstanding communication and teamwork, Bhupesh consistently drives innovation within collaborative environments. His relentless pursuit of learning, passion for mastering new technologies, and proactive approach to solving complex challenges make him an invaluable asset to any cloud-focused team.