Resolution
----------

**Prerequisites:**

*   Confirm that you've [started the AWS Config configuration recorder](https://docs.aws.amazon.com/config/latest/developerguide/managing-recorder_console-start.html).
*   Confirm that you've [created a target for your EventBridge rule](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-targets.html), such as an Amazon SNS topic, AWS Lambda function, or other supported targets.

To automate remediation of Security Hub CSPM findings, create custom actions that send findings to Amazon EventBridge. EventBridge rules can then trigger automated responses through targets such as Lambda functions, SNS topics, or other AWS services.

### Create a custom action

[Create a custom action](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-configure.html) in the Security Hub CSPM console.

### Define a rule in EventBridge

[Define a rule](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-define-rule.html) in the EventBridge console.

### Send findings to EventBridge

After you create a custom action in the Security Hub CSPM console and define a rule in EventBridge, [send your finding to EventBridge](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-send.html).

**Note:** If you created [cross-Region aggregation](https://docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation.html) and manage finding from the aggregation Region, then create custom actions in that Region. For more information, see [Findings in AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings.html).

Related information
-------------------

[What are Security Hub and Security Hub CSPM?](https://docs.aws.amazon.com/securityhub/latest/userguide/how-securityhub-works.html)

[AWS Security Hub CSPM endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/sechub.html)

[Benefits of AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html#securityhub-benefits)

I want to use AWS Security Hub CSPM to monitor security issues in my AWS environment.

Use Security Hub to monitor security issues

How can I use Security Hub to monitor security issues for my AWS environment?

Security, Identity, & Compliance

Announcing 4 new widgets on AWS Console Home - Security Hub, Ops summary, Patch compliance, and Managed instances

How can I check Firewall Manager security group policy findings using Security Hub?

Why did Security Hub initiate the finding "Lambda function policies should prohibit public access"?

How can I aggregate my Security Hub findings and security scores from multiple AWS Regions?

How do consolidated controls view and consolidated control findings affect my workflows?

Security hub issue

Request for Guidance on Incorporating SAST and DAST Tools in AWS CodePipeline.

Disable security hub control from audit accounts for all the accounts under the organization using Terraform

Supressed or Hide Items on Security Hub

Small Charge for Security Hub every day

How can I use Security Hub to monitor security issues for my AWS environment?

Resolution

Create a custom action

Define a rule in EventBridge

Send findings to EventBridge

Related information

Relevant content