Users, roles, policies, access keys
AWS posture, read-only and continuous.
IAM, Config, GuardDuty, CloudTrail, Sec Hub — normalized into a single control-tagged stream. No writes to your accounts. Cross-account read role with external ID, deployed in minutes via CFN.
Service catalog
Eight services in scope on day one
Add IAM Access Analyzer, Inspector, and custom Config rules from settings — no contract changes.
Account hierarchy, SCPs, delegated admin
API events, mgmt events, data events
Resource state, drift, compliance rules
Bucket exposure, encryption, lifecycle
Threats, anomalies, IOC matches
Aggregated findings across services
Key state, rotation, grants
Sample findings stream
Real signals, mapped to your controls
Every finding carries the AWS Sec Hub control reference and the corresponding control in your library — so SOC and GRC see the same item.
- Cross-account aggregation
- Severity normalized across services
- Auto-link to control + framework
- Suppression tracked with rationale
- high | S3.1 | S3 bucket allows public read | prod-events-archive | CC6.6
- high | EC2.2 | Security group allows 0.0.0.0/0 on 22 | sg-073fa1... | CC6.7
- med | IAM.1 | User has unused active access key (>90d) | iam-user/legacy-svc | CC6.3
- med | RDS.5 | RDS snapshot stored unencrypted | snap-cd23a... | CC6.1
- low | KMS.1 | Customer key rotation older than 365 days | alias/data-prod | CC6.1
Connector scope
Read-only by design
We never write to your accounts. Trust boundary is documented in your Org policies, not in our code.
Setup · <30 minutes
From zero to first sync
- 01 Create cross-account role: 10-line CFN template, deploys via Stack Set or Terraform module.
- 02 Enable Config + GuardDuty: If not already on. We auto-enable in member accounts via SCPs.
- 03 Connect in BNB: Paste role ARN + external ID. First sync runs in <5 minutes.
- 04 Map findings to controls: Pre-built mappings load. Customize per your control library.
Wire AWS posture to your control library — read-only
See multi-account ingestion, Sec Hub roll-up, and control mapping in your tenant.