How to receive an email alert when the compliance status changes to failed for a particular test in Security Hub

1

Hi, I recently started exploring Security Hub, and I was wondering whether there is any way to receive an email for a particular test case if the compliance status for that test case changes to failed. For example: one test case from the foundation best practice is that no EC2 instance should be allotted a public IP. So I want to get an alert if this test case fails because someone launched an instance with a public IP.

So if there is any way to achieve this, please let me know. Any kind of help will be appreciated.

2 Answers
1
Accepted Answer

Security Hub automatically sends all new findings and all updates to existing findings to EventBridge as EventBridge events. You can also create custom actions that allow you to send selected findings and insight results to EventBridge.

So what you can do is configure an EventBridge rule for the specific finding that you're interested in and hook that up to an SNS topic and subscribe to that topic with your email address. There is a section in the documentation (Configuring an EventBridge rule for automatically sent findings) that talks about how to do this for Security Hub. There's a link in that documentation as well to the more general documentation around creating EventBridge rules: Creating Amazon EventBridge rules that react to events

AWS
answered 2 years ago
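As an added example (not part of the answer above and not AWS's own code), this builds an EventBridge event pattern for FAILED findings of a single control and checks it locally against constructed sample events before it is attached to a rule with an SNS target. Assumptions: the control ID `EC2.9` stands for the public-IP control in the question and findings carry `Compliance.SecurityControlId`; `build_pattern`, `matches` and `sample_event` are hypothetical helper names, and `matches` is a simplified exact-value matcher, not EventBridge's engine.

```python
import json

def build_pattern(control_id):
    """EventBridge event pattern: FAILED, active findings of one control."""
    return {
        "source": ["aws.securityhub"],
        "detail-type": ["Security Hub Findings - Imported"],
        "detail": {"findings": {
            "Compliance": {"Status": ["FAILED"],
                           "SecurityControlId": [control_id]},
            "RecordState": ["ACTIVE"],  # skip archived findings
        }},
    }

def matches(pattern, event):
    """Simplified local check (assumption): exact-value matching only."""
    for key, want in pattern.items():
        if not isinstance(event, dict) or key not in event:
            return False
        got = event[key]
        # An array in the event matches if any element matches.
        candidates = got if isinstance(got, list) else [got]
        if isinstance(want, dict):
            if not any(matches(want, c) for c in candidates):
                return False
        elif not any(c in want for c in candidates):
            return False
    return True

def sample_event(status, control_id, record_state="ACTIVE"):
    """Constructed event, trimmed to the fields the pattern inspects."""
    return {
        "source": "aws.securityhub",
        "detail-type": "Security Hub Findings - Imported",
        "detail": {"findings": [{
            "Compliance": {"Status": status,
                           "SecurityControlId": control_id},
            "RecordState": record_state,
            "Title": "constructed sample finding",
        }]},
    }

if __name__ == "__main__":
    pattern = build_pattern("EC2.9")  # assumed control ID, verify in console
    print(json.dumps(pattern, indent=2))
    for ev in (sample_event("FAILED", "EC2.9"),
               sample_event("PASSED", "EC2.9"),
               sample_event("FAILED", "S3.1")):
        compliance = ev["detail"]["findings"][0]["Compliance"]
        print(compliance, "->", matches(pattern, ev))
```

The printed JSON is what goes into the rule's event pattern; the SNS topic that the email address subscribes to is then added as the rule's target.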
0

You can use this code for the above solution. https://asecure.cloud/a/detect-securityhub-findings/

answered a year ago
