What is the optional add-on to Security Hub that provides a ready-to-deploy architecture and automated playbooks?

The optional add-on to Security Hub that provides a ready-to-deploy architecture and automated playbooks is AWS Security Hub Automated Response and Remediation (SHARR). This solution enhances the capabilities of Security Hub by allowing organizations to automate responses to security findings. It includes predefined playbooks, which are sets of actions that can be triggered automatically based on specific security alerts or findings detected by Security Hub.

With SHARR, teams can streamline their incident response processes, reducing response times and improving overall security posture. The integration of automation within the playbook allows for consistent and efficient resolution of security issues, leveraging best practices for remediation and response.

In contrast, AWS GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior, while AWS Config is a service that enables assessment, auditing, and evaluation of the configurations of your AWS resources. AWS Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. However, none of these services specifically act as an add-on to Security Hub with the same functionality focused on automated response and remediation playbooks as SHARR does.