As mentioned previously, these security checks assess your accounts continuously against the security standards enabled—for example, the CIS AWS Foundations Benchmark. For each check, a severity level is given, as well as remediation instructions should you experience a failure on these checks. The following screenshot shows an example of the checks that are undertaken, in addition to the defined severity of each check:
As you can see, if someone was actively using the root account, this would be considered a CRITICAL severity level, and would be highlighted as a security risk. Also, you have the option to disable the checks that you do not want to include, should you need or ever want to do so.
So far, we've seen how Security Hub can help us identify security incidents through insights, findings, and security standards. But you'd be right in thinking that mere identification is not enough and remediation is important.