Commit 8e2c355

aws: Rebrand AWS Security Hub to AWS Security Hub CSPM
The changes include display names, reference links, documentation and dashboards to align with the new brand name. This adds a breaking change, as it involves updating the `observer.vendor` value to `AWS Security Hub CSPM`.
1 parent 0ad3e29 commit 8e2c355

32 files changed, +1059 -453 lines changed

packages/aws/_dev/build/docs/README.md

Lines changed: 14 additions & 14 deletions
Original file line number | Diff line number | Diff line change
@@ -30,20 +30,20 @@ The AWS integration uses different AWS API to bootstrap and collect metrics and
3030

3131
Each of these APIs may generate extra charges on your AWS Account. Refer to [AWS Pricing](https://aws.amazon.com/pricing) for more information.
3232

33-
| AWS API Name | AWS API Count | Frequency | Datastream |
34-
|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------|----------------------|
35-
| IAM ListAccountAliases | 1 | Once on startup | all |
36-
| STS GetCallerIdentity | 1 | Once on startup | all |
37-
| EC2 DescribeRegions | 1 | Once on startup | all |
38-
| CloudWatch ListMetrics | Total number of results / ListMetrics max page size (500, based on [AWS API ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) | Per region per collection period | metrics related only |
39-
| CloudWatch GetMetricData | Total number of results / GetMetricData max page size (500, based on [AWS API GetMetricData](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html) | Per region per namespace per collection period | metrics related only |
40-
| CloudWatch DescribeLogGroups | Total number of results / DescribeLogGroups max page size (50, based on [AWS API DescribeLogGroups](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html) | Per region per collection period | logs related only |
41-
| CloudWatch FilterLogEvents | Total number of results / FilterLogEvents max page size (1MB or 10'0000 events, based on [AWS API FilterLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) | Per log group per region per collection period | logs related only |
42-
| CostExplorer GetCostAndUsage | Total number of results / GetCostAndUsage max page size (8192, based on [AWS API GetCostAndUsage](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetCostAndUsage.html) | Per CostExplorer Group Definition per region per collection period | AWS Billing |
43-
| S3 ListObjectsV2 | Total number of results / ListObjectsV2 max page size (up to 1,000, based on [AWS API FilterLogEvents](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) | Per bucket per region per collection period | logs related only |
44-
| S3 GetObject | 1 | Per object per collection period | logs related only |
45-
| SecurityHub GetFindings | Total number of results / GetFindings max page size ( 100, based on [AWS API GetFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) | Per region per collection period | AWS Security Hub | |
46-
| SecurityHub GetInsights | Total number of results / GetInsights max page size ( 100, based on [AWS API GetInsights](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInsights.html) | Per region per collection period | AWS Security Hub | |
33+
| AWS API Name | AWS API Count | Frequency | Datastream |
34+
|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------|-----------------------|
35+
| IAM ListAccountAliases | 1 | Once on startup | all |
36+
| STS GetCallerIdentity | 1 | Once on startup | all |
37+
| EC2 DescribeRegions | 1 | Once on startup | all |
38+
| CloudWatch ListMetrics | Total number of results / ListMetrics max page size (500, based on [AWS API ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) | Per region per collection period | metrics related only |
39+
| CloudWatch GetMetricData | Total number of results / GetMetricData max page size (500, based on [AWS API GetMetricData](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html) | Per region per namespace per collection period | metrics related only |
40+
| CloudWatch DescribeLogGroups | Total number of results / DescribeLogGroups max page size (50, based on [AWS API DescribeLogGroups](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html) | Per region per collection period | logs related only |
41+
| CloudWatch FilterLogEvents | Total number of results / FilterLogEvents max page size (1MB or 10'0000 events, based on [AWS API FilterLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) | Per log group per region per collection period | logs related only |
42+
| CostExplorer GetCostAndUsage | Total number of results / GetCostAndUsage max page size (8192, based on [AWS API GetCostAndUsage](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetCostAndUsage.html) | Per CostExplorer Group Definition per region per collection period | AWS Billing |
43+
| S3 ListObjectsV2 | Total number of results / ListObjectsV2 max page size (up to 1,000, based on [AWS API FilterLogEvents](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) | Per bucket per region per collection period | logs related only |
44+
| S3 GetObject | 1 | Per object per collection period | logs related only |
45+
| SecurityHub GetFindings | Total number of results / GetFindings max page size ( 100, based on [AWS API GetFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) | Per region per collection period | AWS Security Hub CSPM | |
46+
| SecurityHub GetInsights | Total number of results / GetInsights max page size ( 100, based on [AWS API GetInsights](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInsights.html) | Per region per collection period | AWS Security Hub CSPM | |
4747
| SQS ReceiveMessage | 1 | Every 20s minimum (more frequent if messages are waiting) | logs related only (S3 notifications) |
4848
| SQS DeleteMessage | 1 | Once per received message | logs related only (S3 notifications) |
4949
| SQS ChangeMessageVisibility | 1 | When message processing exceeds 150s | logs related only (S3 notifications) |
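Review bot: Rows 45 and 46 (SecurityHub GetFindings and GetInsights) are re-added with the trailing `| |` still in place, which gives those two rows a fifth, empty cell that the header and divider rows do not have. Since both lines are touched here anyway, end them at `| AWS Security Hub CSPM |`. Two other defects ride along in the re-added lines and could be fixed in the same pass: row 43 (S3 ListObjectsV2) labels its link `AWS API FilterLogEvents` although the URL is `API_ListObjectsV2.html`, and row 41 writes the event limit as `10'0000`. The "max page size (" parentheticals in rows 38 to 46 are also never closed.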

packages/aws/_dev/build/docs/securityhub.md

Lines changed: 2 additions & 2 deletions
@@ -1,6 +1,6 @@
1-
# Security Hub
1+
# Security Hub CSPM
22

3-
The [AWS Security Hub](https://docs.aws.amazon.com/securityhub/) integration collects and parses data from AWS Security Hub REST APIs.
3+
The [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/) integration collects and parses data from AWS Security Hub REST APIs.
44

55
**IMPORTANT: Extra AWS charges on API requests will be generated by this integration. Check [API Requests](https://www.elastic.co/docs/current/integrations/aws#api-requests) for more details.**
66
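Review bot: Line 3 renames the link label to "AWS Security Hub CSPM" but the same sentence still ends with "AWS Security Hub REST APIs", so the page now uses two names for the service in one sentence. If the API name is intentionally left unchanged, say so in the PR description; otherwise align the wording. Because this commit changes the emitted `observer.vendor` value, this page would also be a natural place for a one-line note telling users which value to expect after the upgrade.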

packages/aws/changelog.yml

Lines changed: 7 additions & 0 deletions
@@ -1,4 +1,11 @@
11
# newer versions go on top
2+
- version: "5.0.0"
3+
changes:
4+
- description: |
5+
Rebrand AWS Security Hub as AWS Security Hub CSPM to align with the vendor's current branding.
6+
This change involves updating the `observer.vendor` value to `AWS Security Hub CSPM`.
7+
type: breaking-change
8+
link: https://github.com/elastic/integrations/pull/16195
29
- version: "4.7.0"
310
changes:
411
- description: |
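Review bot: The 5.0.0 entry (lines 5 and 6) states that `observer.vendor` changes but gives no migration guidance, and for a `breaking-change` entry that is the part users need. Documents already indexed keep `AWS Security Hub` while new documents carry `AWS Security Hub CSPM`, so any saved search, dashboard filter, detection rule or alert that matches the old literal will silently stop matching new findings. Suggest extending the description to say this and to recommend matching both values (or updating the filter) for queries that span the upgrade, and to name the affected data streams.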

packages/aws/data_stream/securityhub_findings/_dev/test/pipeline/test-securityhub-findings.log-expected.json

Lines changed: 16 additions & 16 deletions
@@ -397,7 +397,7 @@
397397
"protocol": "tcp"
398398
},
399399
"observer": {
400-
"vendor": "AWS Security Hub"
400+
"vendor": "AWS Security Hub CSPM"
401401
},
402402
"organization": {
403403
"name": "AWS"
@@ -875,7 +875,7 @@
875875
"protocol": "tcp"
876876
},
877877
"observer": {
878-
"vendor": "AWS Security Hub"
878+
"vendor": "AWS Security Hub CSPM"
879879
},
880880
"organization": {
881881
"name": "AWS"
@@ -1096,7 +1096,7 @@
10961096
"id": "xxx"
10971097
},
10981098
"observer": {
1099-
"vendor": "AWS Security Hub"
1099+
"vendor": "AWS Security Hub CSPM"
11001100
},
11011101
"organization": {
11021102
"name": "AWS"
@@ -1235,7 +1235,7 @@
12351235
]
12361236
},
12371237
"observer": {
1238-
"vendor": "AWS Security Hub"
1238+
"vendor": "AWS Security Hub CSPM"
12391239
},
12401240
"organization": {
12411241
"name": "AWS"
@@ -1412,7 +1412,7 @@
14121412
"id": "arn:aws:ec2:ap-south-1:111111111111:instance/i-0e2ede89308a594d7"
14131413
},
14141414
"observer": {
1415-
"vendor": "AWS Security Hub"
1415+
"vendor": "AWS Security Hub CSPM"
14161416
},
14171417
"organization": {
14181418
"name": "AWS"
@@ -1569,7 +1569,7 @@
15691569
]
15701570
},
15711571
"observer": {
1572-
"vendor": "AWS Security Hub"
1572+
"vendor": "AWS Security Hub CSPM"
15731573
},
15741574
"organization": {
15751575
"name": "AWS"
@@ -1740,7 +1740,7 @@
17401740
]
17411741
},
17421742
"observer": {
1743-
"vendor": "AWS Security Hub"
1743+
"vendor": "AWS Security Hub CSPM"
17441744
},
17451745
"organization": {
17461746
"name": "AWS"
@@ -1900,7 +1900,7 @@
19001900
]
19011901
},
19021902
"observer": {
1903-
"vendor": "AWS Security Hub"
1903+
"vendor": "AWS Security Hub CSPM"
19041904
},
19051905
"organization": {
19061906
"name": "AWS"
@@ -2060,7 +2060,7 @@
20602060
]
20612061
},
20622062
"observer": {
2063-
"vendor": "AWS Security Hub"
2063+
"vendor": "AWS Security Hub CSPM"
20642064
},
20652065
"organization": {
20662066
"name": "AWS"
@@ -2223,7 +2223,7 @@
22232223
]
22242224
},
22252225
"observer": {
2226-
"vendor": "AWS Security Hub"
2226+
"vendor": "AWS Security Hub CSPM"
22272227
},
22282228
"orchestrator": {
22292229
"cluster": {
@@ -2374,7 +2374,7 @@
23742374
]
23752375
},
23762376
"observer": {
2377-
"vendor": "AWS Security Hub"
2377+
"vendor": "AWS Security Hub CSPM"
23782378
},
23792379
"organization": {
23802380
"name": "AWS"
@@ -2526,7 +2526,7 @@
25262526
]
25272527
},
25282528
"observer": {
2529-
"vendor": "AWS Security Hub"
2529+
"vendor": "AWS Security Hub CSPM"
25302530
},
25312531
"organization": {
25322532
"name": "AWS"
@@ -2687,7 +2687,7 @@
26872687
]
26882688
},
26892689
"observer": {
2690-
"vendor": "AWS Security Hub"
2690+
"vendor": "AWS Security Hub CSPM"
26912691
},
26922692
"organization": {
26932693
"name": "AWS"
@@ -2889,7 +2889,7 @@
28892889
]
28902890
},
28912891
"observer": {
2892-
"vendor": "AWS Security Hub"
2892+
"vendor": "AWS Security Hub CSPM"
28932893
},
28942894
"organization": {
28952895
"name": "AWS"
@@ -3087,7 +3087,7 @@
30873087
]
30883088
},
30893089
"observer": {
3090-
"vendor": "AWS Security Hub"
3090+
"vendor": "AWS Security Hub CSPM"
30913091
},
30923092
"organization": {
30933093
"name": "AWS"
@@ -3354,7 +3354,7 @@
33543354
]
33553355
},
33563356
"observer": {
3357-
"vendor": "AWS Security Hub"
3357+
"vendor": "AWS Security Hub CSPM"
33583358
},
33593359
"organization": {
33603360
"name": "Amazon"
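Review bot: All 16 hunks in this fixture are the same one-line replacement of `"vendor": "AWS Security Hub"` with `"vendor": "AWS Security Hub CSPM"`, so please confirm the file was regenerated by running the pipeline test against the updated `default.yml` rather than edited by search and replace. A regenerated file proves the `set_observer_vendor` processor produces the value; a hand-edited one only proves the two strings agree. No other expected field changes in these hunks, which is consistent with the rename being limited to `observer.vendor`.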

packages/aws/data_stream/securityhub_findings/elasticsearch/ingest_pipeline/default.yml

Lines changed: 2 additions & 2 deletions
@@ -1,5 +1,5 @@
11
---
2-
description: Pipeline for processing AWS Security Hub Findings logs.
2+
description: Pipeline for processing AWS Security Hub CSPM Findings logs.
33
processors:
44
- remove:
55
field:
@@ -51,7 +51,7 @@ processors:
5151
ignore_missing: true
5252
- set:
5353
field: observer.vendor
54-
value: AWS Security Hub
54+
value: AWS Security Hub CSPM
5555
tag: set_observer_vendor
5656
- set:
5757
field: cloud.provider
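Review bot: At line 54 the `set_observer_vendor` processor keeps writing a product name into `observer.vendor`. ECS defines `observer.vendor` as the vendor name and `observer.product` as the product name, and the longer string `AWS Security Hub CSPM` makes the mismatch more visible. Since this release is already declared breaking for this exact field, consider whether the product name should move to `observer.product` with `observer.vendor` holding the vendor, so that consumers only have to adjust their filters once. If the current placement is kept for compatibility with other data streams in the package, a short comment above the processor would record that decision.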

packages/aws/data_stream/securityhub_findings/manifest.yml

Lines changed: 5 additions & 5 deletions
@@ -1,15 +1,15 @@
1-
title: Collect AWS Security Hub Findings logs from AWS
1+
title: Collect AWS Security Hub CSPM Findings logs from AWS
22
type: logs
33
streams:
44
- input: httpjson
5-
title: Collect AWS Security Hub Findings from AWS
6-
description: Collect AWS Security Hub Findings from AWS.
5+
title: Collect AWS Security Hub CSPM Findings from AWS
6+
description: Collect AWS Security Hub CSPM Findings from AWS.
77
template_path: httpjson.yml.hbs
88
vars:
99
- name: interval
1010
type: text
1111
title: Interval
12-
description: Interval to fetch AWS Security Hub Findings from AWS. (Interval should be greater than 1 hour.)
12+
description: Interval to fetch AWS Security Hub CSPM Findings from AWS. (Interval should be greater than 1 hour.)
1313
multi: false
1414
required: true
1515
show_user: true
@@ -24,7 +24,7 @@ streams:
2424
- name: initial_interval
2525
type: text
2626
title: Initial Interval
27-
description: How far back to pull the AWS Security Hub Findings from AWS. (Initial Interval should be greater than 1 hour.)
27+
description: How far back to pull the AWS Security Hub CSPM Findings from AWS. (Initial Interval should be greater than 1 hour.)
2828
default: 24h
2929
multi: false
3030
required: true
