AWS Security Hub vs. Grafana OnCall

I don't think there's yet a perfect tool in this category of security and incident aggregators, but AWS Security Hub is an excellent tool for having visibility into our overall security posture. It is a great aggregator for many AWS services but also for third party security tools with which it integrates really well.

Incentivized

Setting up the Grafana OnCall configuration is from the UI is a little bit complex, you need to create an integration, from there an escalation chain ann after that you need to change the template for the notificaion. Also the documentation is not entirely clear, particularly the section on provisioning with Terraform, because production stack is provisioned with infra structure as code.

Incentivized

• Brings together the security related AWS tools in one dashboard
• Allows to pick and chose which AWS security tools to use
• Clean UI

Incentivized

• Interface and information visualization
• Escalations process with useful IF, ELSE alerting logic
• Simple integration with wide list of data sources and using of webhooks for non-supported sources.

Incentivized

• Not easy to read past data, especially once it moves into Glacier deep storage
• performance is somewhat sluggish ... other systems are much faster to analyze data
• Doesn't always provide a remediation solution or suggested fix like other 3rd party tools like Qualys.
• It's hard to get the initial configuration and enrollment completed as there's a lot of manual intervention for every configured rule that needs to be enabled
• alerts are often times delayed

Incentivized

• it's a little complex to set up
• landline phone numbers cannot be validated, only mobile numbers
• Documentation is not entirely clear, particularly the section on provisioning with Terraform.

Incentivized

AWS always good with usability and same here for AWS Security Hub. A lot of good documentation is available to read and configure your own. We also started with looking at the videos and documentation to configure automation for our compliance checks. And to configure there are very less steps to be followed which is a very good thing for faster configuration.

Incentivized

setting up the Grafana OnCall functionality is complex but if you setup this and you know how to setup then the rest is easy. IAC is provided with terraform The UI for the alert groups shows the alerts in one view and from there you can go to the relevant alert trigger to solve the problems.

Incentivized

AWS Security Hub is it's own unique program that I have used. I haven't used anything similar to it and it was worth it to try out. However, for those that want to keep for long, it will be very heavy in term of budget and resource that they have to provide.

Incentivized

Unlike Grafana OnCall tool Splunk On-Call solution looks more complicated and noticeably inferior in the visualization of the information presented (UI is not user friendly). Alerts re-route process looks totally illogical and you need some time to get with it. However Splunk On-Call looks more featurable out-of-box and has iOS and Android apps while Grafana OnCall provides a general dashboard apps only.

Incentivized

• The automated compliance test helped us a lot to get PCIDSS certified so it was a very good return for our investments.
• Some third party tools we were using were not available for AWS Security Hub automated testing.
• Easy to configure for faster security automations but if we need detailed reports we should add more tools.

Incentivized

• Reducing services downtime.
• Better users loyalty as a result of improving of intra-departments collaboration.
• Reducing the load of Service Desk.

Incentivized