Your AWS account has been configured to satisfy the majority of the standards in the CIS AWS Foundations Benchmark and AWS Foundational Security Best Practices. These controls are verified at least daily by AWS SecurityHub, which provides a compliance dashboard for various frameworks. Certain controls cannot be automatically enforced but are monitored and generate system alerts.
Subscribing to Compliance Alerts
Custom CloudWatch Alarms are used to detect the violation of specific security controls. These alarms can be viewed by going to the CloudWatch service and browsing the Alarms section. You can subscribe to theses alerts by going to the Simple Notification Service (SNS), selecting the compliance-alarm topic, and then creating an "email" subscription to an external address. We recommend using an email alias or a Slack email-to-channel address to be able to easily share these alerts with your team.
Amazon GuardDuty
Amazon GuardDuty is a continuous security monitoring service. Amazon GuardDuty can help to identify unexpected and potentially unauthorized or malicious activity in your AWS environment. Healthcare Blocks reviews any "findings" on a regular basis and investigates and resolves any significant issues.