Metrics and alarms for AWS Security Hub for the CIS standard
This repo contains a CloudFormation template that creates all of the log filters, metrics and alarms needed to conform with the CIS framework used by AWS Security Hub.
I've packaged these up in CloudFormation and based them on the AWS Quick Start example. Note, however, that the AWS Quick Start itself will not work for Security Hub, because its metric filters do not exactly match those documented in the CIS document. Security Hub needs an exact match to flag a standard as compliant.
That should be it. Note that Security Hub only checks for compliance with CIS standards every 12 hours, so you will need to wait until the next check to make sure your new metric filters and alarms are detected correctly by Security Hub.
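An added example (not part of this repo's template): a Python check that compares metric filter patterns against the CIS text and separates exact matches from patterns that differ only in whitespace. The two `EXPECTED` patterns are assumed from the published CIS 3.1 and 3.3 controls, the sample filters are constructed, and byte-for-byte equality is assumed to be what "exact match" means.

```python
import re

# Assumption: patterns as published for CIS AWS Foundations controls 3.1 and 3.3;
# replace them with the text from your copy of the CIS document before relying on this.
EXPECTED = {
    "3.1": '{($.errorCode="*UnauthorizedOperation") || ($.errorCode="AccessDenied*")}',
    "3.3": '{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS '
           '&& $.eventType !="AwsServiceEvent"}',
}


def _squash(pattern):
    """Drop all whitespace so cosmetically different patterns compare equal."""
    return re.sub(r"\s+", "", pattern)


def classify(expected, metric_filters):
    """Return {control: (status, filterName)}; status is exact, near-miss or missing."""
    result = {}
    for control, want in expected.items():
        status, name = "missing", None
        for f in metric_filters:
            got = f.get("filterPattern") or ""
            if got == want:
                status, name = "exact", f["filterName"]
                break
            # Same logic, different spacing: works as a filter, but is not an exact match.
            if status == "missing" and _squash(got) == _squash(want):
                status, name = "near-miss", f["filterName"]
        result[control] = (status, name)
    return result


# Constructed sample, shaped like logs.describe_metric_filters()["metricFilters"].
SAMPLE = [
    {"filterName": "unauthorized-api-calls",
     "filterPattern": '{($.errorCode="*UnauthorizedOperation") || ($.errorCode="AccessDenied*")}'},
    {"filterName": "root-usage",  # equivalent logic, extra spaces
     "filterPattern": '{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS '
                      '&& $.eventType != "AwsServiceEvent" }'},
]

if __name__ == "__main__":
    for control, (status, name) in sorted(classify(EXPECTED, SAMPLE).items()):
        print(f"CIS {control}: {status} ({name})")
```

To run it against a real account, pass in the `metricFilters` list returned for your CloudTrail log group instead of `SAMPLE`; any `near-miss` result is a filter to rewrite before the next Security Hub check.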