Configure Dome9 as an AWS Security Hub provider

In this topic:

    You can configure Dome9 to send compliance notifications to the AWS Security Hub. This is for Continuous Compliance assessments only.

    In order to receive Dome9 notifications on the Secure Hub, you must onboard your AWS account to Dome9. To do this, follow the steps here. If you have already onboarded your AWS account, continue below.

    In order for Dome9 to send compliance notifications to the Secure Hub, you must add an IAM policy to your AWS account, and configure Continuous Compliance assessments in Dome9 with a Notification Policy.

    When this is configured, an issue will be created for each rule that fails in an assessment, for each bundle and cloud environment. If the same issue occurs in a subsequent assessment, for the same bundle and environment, a new issue is not created.

    To view Dome9 alerts on the Secure Hub, you must subscribe to Dome9 as a provider on the Secure Hub console.

    Configure an AWS IAM policy for Dome9

    Add this IAM policy in the AWS account that will receive alerts to the Secure Hub.

    1. In the AWS console, navigate to the IAM dashboard.
    2. Select Roles in the navigation pane on the left, and then select the Dome9-Connect role.
    3. Select the Permissions tab, and then click Attach policies.
    4. Click Create policy, and then select the JSON tab.
    5. Add the following policy block:
    { 
    "Version": "2012-10-17",
    "Statement": [
    {
    "Sid": "VisualEditor0",
    "Effect": "Allow",
    "Action": "securityhub:BatchImportFindings",
    "Resource": "*"
    }
    ]
    }

    Subscribe to the Dome9 provider in the Secure Hub

    1. In the AWS Secure Hub, navigate to the Settings page, and then select Providers.
    2. Select Dome9 Arc as a provider, and click Subscribe.
      SecureHub-subscribe.png

    Configure a Notification Policy on Dome9

    Add a notification policy in Dome9 to forward continuous compliance alerts to the Secure Hub.

    1. In the Dome9 console, navigate to the Continuous Compliance page in the Compliance & Governance menu.
    2. Click Manage Notifications, in the upper right. This will open the Notification Policy window, with a list of existing policies on the left, and a form to define a new policy on the right.
    3. If you want to configure notifications to AWS Secure Hub as part of an existing policy, select it from the list on the left, otherwise enter a name for a new policy.
    4. Check the option Send findings to AWS Secure Hub in the Security Management Systems section, and enter your AWS Cloud Account ID.

    5. Select a Region. This should be the region to which you are connected in AWS.
      Note: only some AWS regions support Secure Hub.
    6. Click Create.

    Configure multiple AWS accounts to a single Secure Hub

    You can associate other AWS accounts to a single (master) account, to view event notifications for all of them on the Secure Hub dashboard of the master account. This is done on the AWS Secure Hub console page.

    To do this, follow these steps:

    1. The associated accounts from which you want to see Dome9 events must be onboarded to Dome9 (if they are not, follow instructions here). 
    2. The associated accounts must be linked to the master account in AWS (in the Secure Hub console).
    3. Create a Dome9 Continuous Compliance Notification Policy that directs findings to the master account in the AWS Secure Hub, and apply this policy to each of the accounts, including the master account (see above).

     

    See also

    Continuous Compliance

    Onboard and AWS account