Using AWS Security Incident Response Events
You can create EventBridge rules to match these events and trigger automated actions. Here are some example use cases:
Match all AWS Security Incident Response events:
{ "source": ["aws.security-ir"] }
Match only case events:
{ "source": ["aws.security-ir"], "detail-type": [ "Case Created", "Case Updated", "Case Closed", "Case Comment Created", "Case Comment Updated" ] }
Match cases updated by AWS Responders:
{ "source": ["aws.security-ir"], "detail-type": ["Case Updated"], "detail": { "updatedBy": ["AWS Responder"] } }
Match events for a specific case:
{ "source": ["aws.security-ir"], "detail": { "caseId": ["1234567890"] } }
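Before deploying these rules, it helps to confirm which of them a given event would trigger, since one case update can match several patterns at once. The following is an added example, not AWS code: a small offline matcher that implements only EventBridge exact-value matching and runs the four patterns above against sample events. The rule names, the sample events and the "constructed-other-actor" value are constructed for illustration.

```python
# Added example (not AWS code): evaluates the page's four patterns offline.
# Covers exact-value matching only; prefix, anything-but, numeric and other
# content filters are not implemented.
PATTERNS = {  # keys are hypothetical rule names
    "all": {"source": ["aws.security-ir"]},
    "case_events": {
        "source": ["aws.security-ir"],
        "detail-type": ["Case Created", "Case Updated", "Case Closed",
                        "Case Comment Created", "Case Comment Updated"],
    },
    "responder_updates": {
        "source": ["aws.security-ir"],
        "detail-type": ["Case Updated"],
        "detail": {"updatedBy": ["AWS Responder"]},
    },
    "specific_case": {
        "source": ["aws.security-ir"],
        "detail": {"caseId": ["1234567890"]},
    },
}

def matches(pattern, event):
    """Every pattern key must exist in the event and hold an allowed value."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):  # nested object: recurse
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:  # leaf: list of allowed values, compared type-sensitively
            values = actual if isinstance(actual, list) else [actual]
            if not any(type(v) is type(e) and v == e for v in values for e in expected):
                return False
    return True

def matching_rules(event):
    return sorted(name for name, p in PATTERNS.items() if matches(p, event))

# Constructed sample events; only fields named on the page are used.
RESPONDER_UPDATE = {"source": "aws.security-ir", "detail-type": "Case Updated",
                    "detail": {"caseId": "1234567890", "updatedBy": "AWS Responder"}}
OTHER_UPDATE = {"source": "aws.security-ir", "detail-type": "Case Updated",
                "detail": {"caseId": "0000000000", "updatedBy": "constructed-other-actor"}}
NUMERIC_ID = {"source": "aws.security-ir", "detail-type": "Case Closed",
              "detail": {"caseId": 1234567890}}  # number, not the string in the pattern

if __name__ == "__main__":
    for name, ev in [("responder", RESPONDER_UPDATE), ("other", OTHER_UPDATE), ("numeric", NUMERIC_ID)]:
        print(name, matching_rules(ev))
```

The NUMERIC_ID event shows that a quoted caseId in a pattern does not match a numeric value, so a rule written with the wrong type never fires.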