Playbooks

A set of remediations is grouped into a package called a playbook. Playbooks are installed, updated, and removed using this solution’s templates. For information about supported remediations in each playbook, refer to Developer Guide → Playbooks. This solution currently supports the following playbooks:

Security Control, a playbook aligned with the Consolidated control findings feature of AWS Security Hub, published February 23, 2023.

Important
When Consolidated control findings are enabled in Security Hub, this is the only playbook that should be enabled in the solution.
Center for Internet Security (CIS) Amazon Web Services Foundations benchmarks, version 1.2.0, published May 18, 2018.
Center for Internet Security (CIS) Amazon Web Services Foundations benchmarks, version 1.4.0, published November 9, 2022.
Center for Internet Security (CIS) Amazon Web Services Foundations benchmarks, version 3.0.0, published May 13, 2024.
AWS Foundational Security Best Practices (FSBP) version 1.0.0, published March 2021.
Payment Card Industry Data Security Standards (PCI-DSS) version 3.2.1, published May 2018.
National Institute of Standards and Technology (NIST) version 5.0.0, published November 2023.

After deploying the solution’s CloudFormation stacks, the playbooks are ready to use immediately—no additional configuration is required to enable remediations for the Security Standards listed above.

Centralized logging

Automated Security Response on AWS logs to a single CloudWatch Logs group, SO0111-ASR. These logs contain detailed logging from the solution for troubleshooting and management of the solution.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Cross-account remediation

Notifications

Playbooks

Important

Centralized logging