Review and Identify Unnecessary Config Rules to Reduce Security Hub Alerts #8961

Open · 5 tasks
sukeshreddyg (Contributor) opened this issue Jan 15, 2025 · 0 comments

User Story

As a Security Engineer,
I want to review the existing config rules and identify which ones are unnecessary, so that we can discuss and decide on actions to reduce the number of alerts sent to Security Hub.

Value / Purpose

By identifying unnecessary config rules, we can reduce the volume of alerts in Security Hub, which will help improve the efficiency of alert management and prioritization of critical findings.

Context / Background

It has been observed that several config rules were created a long time ago, and many of them may no longer be relevant or necessary. These rules are generating a high number of security findings, which are sent to Security Hub. Reviewing and identifying which rules are unnecessary will help us streamline the process and address alert overload.

Useful Contacts

No response

Additional Information

No response

Definition of Done

  • A thorough review of all existing config rules is conducted.
  • A list of config rules that are potentially unnecessary or redundant is created.
  • The list is shared with the team for further discussion and evaluation.
  • If the team agrees, the identified config rules will be removed.
  • The list of unnecessary config rules is documented and made available for future action.
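The review in the Definition of Done starts from two inventories: the Config rules that exist and the Security Hub findings they currently produce. The script below is an added example, not code from this issue or the project, that joins the two and ranks rules by the number of active findings, flagging the cases a reviewer usually wants surfaced: rules generating the most noise, rules whose findings nobody has updated in a long time, rules that have no active findings at all, and finding sources whose rule no longer exists. It runs offline on constructed sample data; the `fetch_live` function shows how the same inputs would be pulled with boto3. It assumes the Config-to-Security Hub integration populates `ProductFields['aws/config/ConfigRuleName']` on each finding, and the thresholds (90 days, 3 findings) are arbitrary starting points.

```python
"""Triage AWS Config rules by the Security Hub findings they generate.

Added example, not the issue's or the project's code. Assumption: Config-sourced
Security Hub findings carry the rule name in ProductFields['aws/config/ConfigRuleName'].
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)  # fixed clock so the sample run is reproducible


def _ts(s):
    """Parse a Security Hub ISO-8601 timestamp such as 2025-01-14T09:12:00.000Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def _finding(rule, updated, resource):
    """Build a minimal Config-sourced Security Hub finding (constructed sample data)."""
    return {
        "ProductName": "Config",
        "RecordState": "ACTIVE",
        "UpdatedAt": updated,
        "Resources": [{"Id": resource}],
        "ProductFields": {"aws/config/ConfigRuleName": rule},
    }


# Constructed sample inventory: shape follows describe_config_rules(), values are made up.
SAMPLE_RULES = [
    {"ConfigRuleName": "ec2-ebs-encryption-by-default", "ConfigRuleState": "ACTIVE",
     "Source": {"Owner": "AWS", "SourceIdentifier": "EC2_EBS_ENCRYPTION_BY_DEFAULT"}},
    {"ConfigRuleName": "legacy-tag-check", "ConfigRuleState": "ACTIVE",
     "Source": {"Owner": "CUSTOM_LAMBDA", "SourceIdentifier": "legacy-tag-check"}},
    {"ConfigRuleName": "s3-bucket-public-read-prohibited", "ConfigRuleState": "ACTIVE",
     "Source": {"Owner": "AWS", "SourceIdentifier": "S3_BUCKET_PUBLIC_READ_PROHIBITED"}},
]

# Constructed sample findings; "deleted-rule-2019" has findings but no matching rule.
SAMPLE_FINDINGS = [
    _finding("ec2-ebs-encryption-by-default", "2025-01-14T09:12:00.000Z", "i-0a1"),
    _finding("ec2-ebs-encryption-by-default", "2025-01-13T09:12:00.000Z", "i-0a2"),
    _finding("ec2-ebs-encryption-by-default", "2025-01-12T09:12:00.000Z", "i-0a3"),
    _finding("legacy-tag-check", "2024-05-01T00:00:00.000Z", "vpc-1"),
    _finding("legacy-tag-check", "2024-04-20T00:00:00.000Z", "vpc-2"),
    _finding("deleted-rule-2019", "2024-02-01T00:00:00.000Z", "sg-9"),
]


def rule_name(finding):
    """Config rule that produced a finding, or None for findings from other products."""
    if finding.get("ProductName") != "Config":
        return None
    return finding.get("ProductFields", {}).get("aws/config/ConfigRuleName")


def triage(rules, findings, now=NOW, stale_days=90, high_volume=3):
    """One row per rule (plus one per orphaned rule name), noisiest first."""
    counts = defaultdict(int)
    newest = {}
    for f in findings:
        name = rule_name(f)
        if name is None or f.get("RecordState") != "ACTIVE":
            continue
        counts[name] += 1
        ts = _ts(f["UpdatedAt"])
        if name not in newest or ts > newest[name]:
            newest[name] = ts
    known = {r["ConfigRuleName"]: r for r in rules}
    rows = []
    for name in sorted(set(known) | set(counts)):
        n = counts.get(name, 0)
        flags = []
        if name not in known:
            flags.append("orphan")       # findings outlived the rule that produced them
        if n == 0:
            flags.append("silent")       # never fires: obsolete, or simply compliant; check before deleting
        elif n >= high_volume:
            flags.append("high-volume")  # biggest contributors to alert overload
        if n and now - newest[name] > timedelta(days=stale_days):
            flags.append("stale")        # no finding updated in stale_days: nobody is acting on it
        rows.append({
            "rule": name,
            "owner": known.get(name, {}).get("Source", {}).get("Owner"),
            "active_findings": n,
            "newest_update": newest[name].date().isoformat() if n else None,
            "flags": flags,
        })
    rows.sort(key=lambda r: (-r["active_findings"], r["rule"]))
    return rows


def fetch_live(region_name=None):
    """Pull the same two inventories from AWS (needs boto3 and credentials; not run here)."""
    import boto3  # imported lazily so the offline example does not require it
    config = boto3.client("config", region_name=region_name)
    hub = boto3.client("securityhub", region_name=region_name)
    rules = [r for page in config.get_paginator("describe_config_rules").paginate()
             for r in page["ConfigRules"]]
    filters = {
        "ProductName": [{"Value": "Config", "Comparison": "EQUALS"}],
        "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
    }
    findings = [f for page in hub.get_paginator("get_findings").paginate(Filters=filters)
                for f in page["Findings"]]
    return rules, findings


if __name__ == "__main__":
    for row in triage(SAMPLE_RULES, SAMPLE_FINDINGS):
        print(f"{row['active_findings']:>4}  {row['rule']:<36} {row['owner'] or '-':<14} {','.join(row['flags'])}")
```

The flags are prompts for the team discussion, not a verdict: a "silent" rule may simply be one everything complies with, and a "high-volume" rule may be exactly the control worth keeping, so the decision to remove stays with the review step in the Definition of Done. Running `triage(*fetch_live())` in the target account produces the candidate list the issue asks for.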
Projects
Status: To Do
Development

No branches or pull requests

2 participants