AWS Security Hub now supports Amazon Route 53 Resolver DNS Firewall, allowing you to receive security findings for DNS queries made from your Amazon VPCs for domains suspected as malicious or identified as low-reputation. Route 53 Resolver DNS Firewall is a managed firewall that enables you to block DNS queries made for malicious domains and to allow queries for trusted domains.
Today, AWS Security Hub gives you a comprehensive view of your security alerts and compliance status across your AWS accounts. This integration allows you to enable three new finding types for Security Hub. You can now receive security findings for queries blocked or alerted on for domains associated with AWS Managed Domain Lists, customer domain lists, and threats identified by Route 53 Resolver DNS Firewall Advanced. With this launch, you now have a single place to view security findings for your accounts that may be associated with malicious DNS queries, alongside findings from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie.
The feature is available in all AWS Regions where Amazon Route 53 Resolver DNS Firewall is available. See here for the list of AWS Regions where Route 53 Resolver DNS Firewall is available. To learn more about AWS Security Hub capabilities, see the AWS Security Hub documentation. To learn more about Route 53 Resolver DNS Firewall, see the product page or documentation.