How to receive email alert when compliance status changes to failed for particular test in security hub

1

Hi, I recently started exploring Security Hub, and I was wondering whether there is any way to receive an email for a particular test case if the compliance status for that test case changes to failed. For example: one test case from the foundation best practice, that no EC2 instance should be allotted a public IP. I want to get an alert if this test case fails because someone launched an instance with a public IP.

So if there is any way to achieve this, please let me know. Any kind of help will be appreciated.

2 Answers
1
Accepted Answer

Security Hub automatically sends all new findings and all updates to existing findings to EventBridge as EventBridge events. You can also create custom actions that allow you to send selected findings and insight results to EventBridge.

So what you can do is configure an EventBridge rule for the specific finding that you're interested in and hook that up to an SNS topic and subscribe to that topic with your email address. There is a section in the documentation (Configuring an EventBridge rule for automatically sent findings) that talks about how to do this for Security Hub. There's a link in that documentation as well to the more general documentation around creating EventBridge rules: Creating Amazon EventBridge rules that react to events

AWS
answered 2 years ago
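
The rule described in the accepted answer, as an added example that is not part of the original answers and is not AWS's own code: it builds the EventBridge pattern for one failed control, checks it offline against a constructed sample event, and wires the rule to an SNS email subscription with boto3. The control ID `EC2.9`, the rule name, and the use of `Compliance.SecurityControlId` as the filter are assumptions to confirm against the findings in your own account.

```python
import json

CONTROL_ID = "EC2.9"  # assumption: confirm the control ID in your Security Hub console

def build_pattern(control_id=CONTROL_ID):
    """EventBridge pattern: active, unhandled findings where one control FAILED."""
    return {
        "source": ["aws.securityhub"],
        "detail-type": ["Security Hub Findings - Imported"],
        "detail": {"findings": {
            "Compliance": {"Status": ["FAILED"], "SecurityControlId": [control_id]},
            "RecordState": ["ACTIVE"],
            "Workflow": {"Status": ["NEW"]},
        }},
    }

def matches(pattern, event):
    """Simplified local matcher (exact values only) for testing a pattern offline."""
    if isinstance(event, list):      # array: any element may satisfy the pattern
        return any(matches(pattern, item) for item in event)
    if isinstance(pattern, list):    # leaf: event value must be one of these
        return event in pattern
    return isinstance(event, dict) and all(
        key in event and matches(sub, event[key]) for key, sub in pattern.items())

def deploy(email, rule_name="sechub-control-failed"):  # hypothetical rule/topic name
    """Create the SNS topic, email subscription and rule (needs AWS credentials)."""
    import boto3
    sns, events = boto3.client("sns"), boto3.client("events")
    topic_arn = sns.create_topic(Name=rule_name)["TopicArn"]
    # EventBridge must be allowed to publish to the topic, or no alert is delivered.
    policy = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": "events.amazonaws.com"},
        "Action": "sns:Publish", "Resource": topic_arn}]}
    sns.set_topic_attributes(TopicArn=topic_arn, AttributeName="Policy",
                             AttributeValue=json.dumps(policy))
    sns.subscribe(TopicArn=topic_arn, Protocol="email", Endpoint=email)
    events.put_rule(Name=rule_name, EventPattern=json.dumps(build_pattern()),
                    State="ENABLED")
    events.put_targets(Rule=rule_name, Targets=[{"Id": "email", "Arn": topic_arn}])

def sample_event(status, control_id):
    """Constructed sample event, trimmed to the fields the pattern inspects."""
    return {"source": "aws.securityhub",
            "detail-type": "Security Hub Findings - Imported",
            "detail": {"findings": [{
                "Compliance": {"Status": status, "SecurityControlId": control_id},
                "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"}}]}}
```

The email address receives a confirmation message from SNS and gets no alerts until the subscription is confirmed.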
0

You can use this code for the above solution. https://asecure.cloud/a/detect-securityhub-findings/

answered a year ago
