I want to use AWS Security Hub to monitor security issues in my AWS environment.
Security Hub provides you with a detailed view of your security state and helps check your environment against security standards and best practices.
Benefits of Security Hub include:
For more information, see Benefits of AWS Security Hub.
To automate remediation of specific findings, you can define custom actions to take when a finding is received.
Follow these instructions to create a custom action, define an EventBridge rule, and send findings.
If you haven't already done so, start the configuration recorder in AWS Config.
1. Open the Security Hub console, choose Settings, and then choose Custom actions.
2. Choose Create custom action.
3. Enter an Action name and Description.
4. For Custom action ID, enter a unique ID, and then choose Create custom action.
5. In Custom action ARN, take note of the ARN.
If you haven't already done so, create an Amazon Simple Notification Service (Amazon SNS) topic.
1. Open the EventBridge console in the same AWS Region as Security Hub, expand Events, and then choose Rules.
2. Choose Create rule.
3. Enter a Rule name and Description.
4. From the Event bus drop-down menu, choose either the default bus or a custom bus.
5. Make sure that the Enable the rule on the selected event bus switch is turned on.
6. For Rule type, choose Rule with an event pattern, and then choose Next.
7. For Event source, choose AWS events or EventBridge partner events.
8. In Event pattern, choose the following:
For Event source, choose AWS services.
For AWS service, choose Security Hub.
For Event type, choose Security Hub Findings - Custom Action, choose Specific custom action ARN(s), and then choose Next.
9. Choose the Select a target drop-down menu, choose your target type (for example, the Amazon SNS topic you created), choose Next, choose Next again, and then choose Create rule.
For more information, see Amazon EventBridge event patterns.
1. Open the Security Hub console, and then choose Findings.
2. Follow the instructions to send findings to EventBridge.
For more information, see Findings in AWS Security Hub.
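The console choices in step 8 produce an EventBridge event pattern that matches on three fields of the event Security Hub emits when you apply the custom action to a finding. The following Python is an added example, not part of the AWS article: it builds that pattern from a custom action ARN, checks constructed sample events against it with a minimal version of EventBridge's exact-match semantics, and returns the kwargs you would pass to boto3's `events.put_rule` to create the same rule from code. The Region, account ID and custom action ID are placeholders to replace with your own; the matcher is a simplified stand-in for the real service and does not model content filters such as prefix or anything-but.

```python
import json

# Placeholders (assumptions for this example): use your own Region, account ID
# and the Custom action ID you entered in the Security Hub console.
REGION = "us-east-1"
ACCOUNT_ID = "111122223333"
CUSTOM_ACTION_ID = "SendToSns"
# Custom action ARN format as shown in the Security Hub console.
CUSTOM_ACTION_ARN = f"arn:aws:securityhub:{REGION}:{ACCOUNT_ID}:action/custom/{CUSTOM_ACTION_ID}"


def custom_action_event_pattern(action_arns):
    """Pattern equivalent to: AWS services -> Security Hub ->
    'Security Hub Findings - Custom Action' -> 'Specific custom action ARN(s)'."""
    return {
        "source": ["aws.securityhub"],
        "detail-type": ["Security Hub Findings - Custom Action"],
        "resources": list(action_arns),
    }


def put_rule_kwargs(rule_name, pattern):
    """Keyword arguments for boto3 `events.put_rule`; EventPattern must be a JSON string."""
    return {"Name": rule_name, "EventPattern": json.dumps(pattern), "State": "ENABLED"}


def matches(pattern, event):
    """Simplified EventBridge exact matching: each top-level key in the pattern must be
    present in the event and at least one of the event's values for that key must be
    in the pattern's list. Keys absent from the pattern (detail, account, ...) are ignored."""
    for key, allowed in pattern.items():
        value = event.get(key)
        if value is None:
            return False
        values = value if isinstance(value, list) else [value]
        if not any(v in allowed for v in values):
            return False
    return True


def select_findings(pattern, event):
    """Findings carried by an event that passes the rule; empty list otherwise.
    This is what a target (SNS topic, Lambda) would receive in event['detail']['findings']."""
    if not matches(pattern, event):
        return []
    return event.get("detail", {}).get("findings", [])


def sample_event(action_arn, detail_type="Security Hub Findings - Custom Action"):
    """Constructed sample event in the shape Security Hub emits when an operator applies
    a custom action to one finding from the Findings page (values are made up)."""
    return {
        "version": "0",
        "id": "00000000-0000-0000-0000-000000000000",
        "detail-type": detail_type,
        "source": "aws.securityhub",
        "account": ACCOUNT_ID,
        "region": REGION,
        "resources": [action_arn],
        "detail": {
            "actionName": "Send to SNS",
            "actionDescription": "Forward the finding to the operations topic",
            "findings": [
                {
                    "Id": "example-finding-id",
                    "Title": "Example: security group allows unrestricted SSH access",
                    "Severity": {"Label": "HIGH"},
                    "Workflow": {"Status": "NEW"},
                }
            ],
        },
    }


if __name__ == "__main__":
    pattern = custom_action_event_pattern([CUSTOM_ACTION_ARN])
    print(json.dumps(put_rule_kwargs("securityhub-custom-action-to-sns", pattern), indent=2))
    ours = sample_event(CUSTOM_ACTION_ARN)
    other = sample_event(CUSTOM_ACTION_ARN.replace(CUSTOM_ACTION_ID, "SomeOtherAction"))
    imported = sample_event(CUSTOM_ACTION_ARN, detail_type="Security Hub Findings - Imported")
    print("our action matched:", len(select_findings(pattern, ours)))
    print("other action matched:", len(select_findings(pattern, other)))
    print("imported findings matched:", len(select_findings(pattern, imported)))
```

Two points the sample events make explicit: a rule scoped to a specific custom action ARN ignores the same custom action from another account or Region (the ARN differs) and ignores the much noisier "Security Hub Findings - Imported" stream, so the target only fires for findings an operator deliberately selected. If you later rename the custom action, the ARN and therefore the rule still work, because the ARN is built from the Custom action ID, not the display name.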
How Security Hub works
AWS Security Hub endpoints and quotas