Security Monitoring

Introduction

We actively monitor for security threats using several tools: AWS Security Hub, AWS GuardDuty, AWS Inspector and AWS Config, together with Palo Alto Cortex XIAM operated by the Security Operations Centre (SOC).

Raising a new security issue

New issues should be raised in the internal repository modernisation-platform-security and added to the Modernisation Platform GitHub project. Note that this route is for security issues (misconfigurations or practices which need addressing), not for security incidents. Security incidents should follow our incident management process.

Security Monitoring

For each tool: what it is, how its findings are reported, and how to raise an issue.

AWS Security Hub
  Description: AWS security tool enabled on all organisation accounts and configured in the Modernisation Platform Security Baselines repository. It receives the findings of GuardDuty, AWS Config and Inspector listed below.
  How findings are reported: Platform alerts go to the #modernisation-platform-low-priority-alarms Slack channel. User application findings can be viewed in the application account or via the organisation-security account.
  How to raise an issue: Platform issues should be raised as described under Raising a new security issue; user application issues should be raised with the application team.

AWS GuardDuty
  Description: AWS threat detection tool enabled on all organisation accounts and configured in the Modernisation Platform Security Baselines repository.
  How findings are reported: Platform alerts go into Security Hub. User application findings can be viewed in the application account or via the organisation-security account.
  How to raise an issue: Platform issues should be raised as described under Raising a new security issue; user application issues should be raised with the application team.

AWS Config
  Description: AWS configuration compliance tool enabled on all organisation accounts and configured in the Modernisation Platform Security Baselines repository.
  How findings are reported: Platform alerts go into Security Hub. User application findings can be viewed in the application account or via the organisation-security account.
  How to raise an issue: Platform issues should be raised as described under Raising a new security issue; user application issues should be raised with the application team.

AWS Inspector
  Description: AWS vulnerability scanning tool enabled on all organisation accounts and configured in the Modernisation Platform Security Baselines repository.
  How findings are reported: Platform alerts go into Security Hub. User application findings can be viewed in the application account or via the organisation-security account.
  How to raise an issue: Platform issues should be raised as described under Raising a new security issue; user application issues should be raised with the application team.

SOC - Cortex XIAM
  Description: AI-driven tool operated by the Security Operations Centre which collates logs including CloudTrail, VPC Flow Logs and Route 53 logs to detect security issues and incidents.
  How findings are reported: Findings are sent to the Modernisation Platform group email address.
  How to raise an issue: Platform issues should be raised as described under Raising a new security issue; user application issues should be raised with the application team.

Future Plans

We have work on our roadmap to integrate these tools with GitHub so that findings raise issues directly, letting us manage security issues centrally in one place without raising them manually.
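The routing described in the table above (platform findings to the platform channel, application findings to the application team) and the planned GitHub integration, as an added Python example that is not the Modernisation Platform's own code. It takes Security Hub findings in the ASFF format that GuardDuty, AWS Config and Inspector all emit into Security Hub, drops anything archived, already triaged or below a severity threshold, de-duplicates on product ARN plus finding id so a re-emitted finding does not become a second issue, routes by account, and renders a GitHub issue title and body. The account IDs, the set of platform-owned accounts and the sample findings are constructed for the example; in production the findings would come from Security Hub's GetFindings API (boto3 securityhub.get_findings), which is deliberately not called here so the script runs offline.

```python
"""Triage AWS Security Hub findings (ASFF) for platform vs application routing.

Added example, not the Modernisation Platform's own code. Account IDs, the
platform-account set and the sample findings below are constructed. In
production the list would come from securityhub.get_findings (boto3).
"""
from dataclasses import dataclass

# Assumption (constructed): accounts owned by the platform team, including the
# organisation-security account. Findings in any other account belong to an
# application team.
PLATFORM_ACCOUNTS = {"111111111111", "222222222222"}

# Security Hub workflow states that still need a human decision.
ACTIONABLE_WORKFLOW = {"NEW", "NOTIFIED"}

# ASFF severity labels in ascending order.
SEVERITY_ORDER = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass(frozen=True)
class TriagedFinding:
    key: str          # stable key: a re-emitted finding must not become a second issue
    destination: str  # "platform" or "application"
    account: str
    severity: str
    title: str
    body: str


def severity_label(finding):
    return finding.get("Severity", {}).get("Label", "INFORMATIONAL")


def is_actionable(finding, min_severity="MEDIUM"):
    """Keep only active, untriaged findings at or above min_severity."""
    if finding.get("RecordState") != "ACTIVE":
        return False  # ARCHIVED: the product no longer observes the problem
    if finding.get("Workflow", {}).get("Status") not in ACTIONABLE_WORKFLOW:
        return False  # SUPPRESSED or RESOLVED: already dealt with
    return SEVERITY_ORDER.get(severity_label(finding), 0) >= SEVERITY_ORDER[min_severity]


def route(finding):
    """Platform accounts go to the platform channel; everything else to the app team."""
    return "platform" if finding["AwsAccountId"] in PLATFORM_ACCOUNTS else "application"


def dedup_key(finding):
    # ASFF Id is unique within a product; qualify it with ProductArn so ids from
    # GuardDuty, Config and Inspector can never collide with each other.
    return f"{finding['ProductArn']}|{finding['Id']}"


def render_issue(finding):
    """Build a GitHub issue title and body from one finding."""
    resources = ", ".join(
        f"{r.get('Type', '?')} {r.get('Id', '?')}" for r in finding.get("Resources", [])
    ) or "none listed"
    title = f"[{severity_label(finding)}] {finding.get('Title', 'Untitled finding')} ({finding['AwsAccountId']})"
    body = "\n".join([
        f"Product: {finding.get('ProductName', finding['ProductArn'])}",
        f"Account: {finding['AwsAccountId']}  Region: {finding.get('Region', 'unknown')}",
        f"Types: {', '.join(finding.get('Types', []))}",
        f"Resources: {resources}",
        f"Updated: {finding.get('UpdatedAt', 'unknown')}",
        "",
        finding.get("Description", ""),
        "",
        f"Finding id: {finding['Id']}",
    ])
    return title, body


def triage(findings, min_severity="MEDIUM"):
    """Filter, de-duplicate and route a batch of ASFF findings, preserving order."""
    seen, out = set(), []
    for f in findings:
        if not is_actionable(f, min_severity):
            continue
        key = dedup_key(f)
        if key in seen:
            continue
        seen.add(key)
        title, body = render_issue(f)
        out.append(TriagedFinding(key, route(f), f["AwsAccountId"], severity_label(f), title, body))
    return out


# Constructed ASFF findings, trimmed to the fields used above.
GD = "arn:aws:securityhub:eu-west-2::product/aws/guardduty"
CFG = "arn:aws:securityhub:eu-west-2::product/aws/config"
INSP = "arn:aws:securityhub:eu-west-2::product/aws/inspector"
SAMPLE_FINDINGS = [
    {"Id": "gd-0001", "ProductArn": GD, "ProductName": "GuardDuty", "AwsAccountId": "111111111111",
     "Region": "eu-west-2", "Types": ["TTPs/Command and Control/Backdoor:EC2-C&CActivity.B!DNS"],
     "Title": "EC2 instance querying a domain on a threat list", "Description": "Seen in Route 53 resolver logs.",
     "Severity": {"Label": "HIGH"}, "Resources": [{"Type": "AwsEc2Instance", "Id": "i-0abc12345def67890"}],
     "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"}, "UpdatedAt": "2024-05-14T10:00:00Z"},
    {"Id": "cfg-0002", "ProductArn": CFG, "ProductName": "Config", "AwsAccountId": "333333333333",
     "Region": "eu-west-2", "Types": ["Software and Configuration Checks/AWS Config Analysis"],
     "Title": "S3 bucket allows public read", "Severity": {"Label": "MEDIUM"},
     "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::app-logs-example"}],
     "RecordState": "ACTIVE", "Workflow": {"Status": "NOTIFIED"}},
    {"Id": "insp-0003", "ProductArn": INSP, "ProductName": "Inspector", "AwsAccountId": "333333333333",
     "Title": "Package with low severity CVE", "Severity": {"Label": "LOW"},
     "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"}},
    # Same GuardDuty finding re-emitted later: must de-duplicate, not open a second issue.
    {"Id": "gd-0001", "ProductArn": GD, "ProductName": "GuardDuty", "AwsAccountId": "111111111111",
     "Title": "EC2 instance querying a domain on a threat list", "Severity": {"Label": "HIGH"},
     "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"}, "UpdatedAt": "2024-05-14T11:00:00Z"},
    # Already resolved: must be skipped.
    {"Id": "cfg-0004", "ProductArn": CFG, "ProductName": "Config", "AwsAccountId": "222222222222",
     "Title": "CloudTrail not enabled in region", "Severity": {"Label": "CRITICAL"},
     "RecordState": "ACTIVE", "Workflow": {"Status": "RESOLVED"}},
]

if __name__ == "__main__":
    for item in triage(SAMPLE_FINDINGS):
        print(f"{item.destination:11} {item.title}")
```

Of the five constructed findings only two survive: the HIGH GuardDuty finding routed to the platform, and the MEDIUM Config finding routed to the application team; the LOW Inspector finding is under the threshold, the repeated GuardDuty finding is de-duplicated, and the RESOLVED Config finding is skipped. Lowering min_severity to LOW admits the Inspector finding as well.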

This page was last reviewed on 14 May 2024. It needs to be reviewed again on 14 November 2024 by the page owner #modernisation-platform .