Automate critical and the most frequently executed playbooks

Introduction

The humans on your security team are one of the scarcest resources in any organization. Security automation allows your humans to focus on more important tasks while providing more consistency in incident response playbook execution.

If your humans are only doing, not thinking, while performing a task, that task is a good candidate for automation.

Automated Security Response on AWS

This solution uses a CloudFormation template to deploy a set of AWS Step Functions workflows that automate incident response for common cases, such as findings for non-compliance with the CIS baseline. After the remediation, the solution updates the finding in AWS Security Hub, adding a note to indicate that it was remediated successfully.

Automated Security Response on AWS

https://aws.amazon.com/solutions/implementations/automated-security-response-on-aws

AWS Security Hub Automations

This feature allows you to automate an action on a finding based on the affected resource, the criticality of an asset
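
An added example (not from the original page or from AWS) of a Security Hub automation rule that keys on the affected resource type and an asset-criticality tag, with a local dry run against constructed findings before the rule is deployed. The rule name, the `Criticality` tag key, the sample findings and the simplified matcher (EQUALS comparisons only, all criteria evaluated on a single resource) are assumptions.

```python
import copy

# Request in the shape of Security Hub's CreateAutomationRule API.
# Rule name, tag key "Criticality" and all sample findings are constructed.
RULE = {
    "RuleName": "escalate-critical-s3-assets",
    "RuleOrder": 1,
    "RuleStatus": "ENABLED",
    "Description": "Raise severity for new findings on high-criticality S3 buckets",
    "Criteria": {
        "ResourceType": [{"Value": "AwsS3Bucket", "Comparison": "EQUALS"}],
        "ResourceTags": [{"Key": "Criticality", "Value": "high", "Comparison": "EQUALS"}],
        "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"}],
    },
    "Actions": [{
        "Type": "FINDING_FIELDS_UPDATE",
        "FindingFieldsUpdate": {
            "Severity": {"Label": "CRITICAL"},
            "Note": {"Text": "Escalated: asset tagged Criticality=high",
                     "UpdatedBy": "automation-rule"},
        },
    }],
}
# To deploy: boto3.client("securityhub").create_automation_rule(**RULE)

def matches(rule, finding):
    """Local approximation of rule matching: EQUALS only, all criteria on one resource."""
    crit = rule["Criteria"]
    statuses = {f["Value"] for f in crit.get("WorkflowStatus", [])}
    if statuses and finding.get("Workflow", {}).get("Status") not in statuses:
        return False
    types = {f["Value"] for f in crit.get("ResourceType", [])}
    tags = {(f["Key"], f["Value"]) for f in crit.get("ResourceTags", [])}
    return any((not types or r.get("Type") in types) and
               (not tags or tags & set(r.get("Tags", {}).items()))
               for r in finding.get("Resources", []))

def apply_rule(rule, finding):
    """Return a copy of the finding with the rule's field updates merged in, if it matches."""
    result = copy.deepcopy(finding)
    if matches(rule, finding):
        for action in rule["Actions"]:
            for field, value in action["FindingFieldsUpdate"].items():
                result.setdefault(field, {}).update(value)
    return result

def _finding(fid, rtype, criticality, status="NEW"):
    return {"Id": fid, "Severity": {"Label": "MEDIUM"}, "Workflow": {"Status": status},
            "Resources": [{"Type": rtype, "Id": f"resource-{fid}", "Tags": {"Criticality": criticality}}]}

SAMPLE = [_finding("f1", "AwsS3Bucket", "high"), _finding("f2", "AwsS3Bucket", "low"),
          _finding("f3", "AwsEc2Instance", "high"), _finding("f4", "AwsS3Bucket", "high", "RESOLVED")]

def dry_run(rule=RULE, findings=SAMPLE):
    return {f["Id"]: apply_rule(rule, f)["Severity"]["Label"] for f in findings}
```

Only the new finding on the high-criticality bucket is escalated; the low-criticality bucket, the EC2 instance and the already resolved finding keep their original severity.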