What Changed

Added a comprehensive AWS Security Hub Compliance Workbook to the AWS Security Hub solution (v3.0.3). The workbook provides executive-level dashboards and operational analytics for security compliance tracking across multi-account AWS environments.

Workbook Features

The workbook delivers 10 visualization sections targeting SOC managers and security analysts:

Executive Summary: Total findings metrics, critical/high severity counts, failed compliance checks, monitored accounts, and distinct failing controls with KPI-style cards

Operational Analytics:

  • Severity distribution (pie chart with color coding: CRITICAL=red, HIGH=orange, MEDIUM=yellow, LOW=blue)
  • Compliance status breakdown (PASSED vs FAILED with trend analysis)
  • Trend analysis over time by severity and compliance status
  • Regional distribution (top 10 AWS regions by finding volume)

Compliance Intelligence:

  • Top 20 failing security controls with detailed breakdown showing control ID, title, finding count, severity distribution, and affected accounts
  • Compliance standards mapping (CIS, NIST, PCI, ISO, HIPAA, SOC 2) with pass/fail ratios
  • Per-account security posture summary with compliance rates

Threat Surface Analysis:

  • Top 15 resource types generating findings (IAM policies, EC2 instances, Security Groups, SQS queues)
  • Service-specific views for IAM and EC2 security findings
  • Latest 100 failed findings with drill-down capability

Interactive Filtering

Built-in parameter controls enable dynamic analysis:

  • Time Range: Configurable from 1 hour to 90 days with custom range support
  • AWS Account: Multi-select filtering across monitored accounts or view all
  • AWS Region: Regional filtering for geographic compliance analysis
  • Compliance Status: Filter by PASSED, FAILED, WARNING, NOT_AVAILABLE status

Detection Impact

The workbook enhances compliance monitoring by providing visual context for AWS Security Hub findings ingested via the existing CCF Data Connector. Organizations can now identify compliance gaps, track remediation progress, and demonstrate security posture improvements to stakeholders through standardized dashboards rather than manual KQL queries.

Affected Files

Solutions/AWS Security Hub/Package/testParameters.json
Solutions/AWS Security Hub/Workbooks/AWSSecurityHubComplianceWorkbook.json
Workbooks/Images/Logos/Aws.svg
Workbooks/Images/Preview/AWSSecurityHubComplianceWorkbook_black.png
Workbooks/Images/Preview/AWSSecurityHubComplianceWorkbook_white.png
Workbooks/WorkbooksMetadata.json
(packaging artefacts: 3.0.3.zip, ReleaseNotes.md, Solution_AWSSecurityHub.json, createUiDefinition.json, mainTemplate.json)