Automations - AWS Security Hub


Security Hub automations can help you quickly modify and remediate findings based on your specifications.

Security Hub currently supports two types of automations:

  • Automation rules – Automatically update and suppress findings in near real time based on criteria that you define.

  • Automated response and remediation – Create custom EventBridge rules that define automatic actions to take against specific findings and insights.

Automation rules apply before EventBridge rules. That is, automation rules are triggered and update a finding before it's sent to EventBridge. EventBridge rules then apply to the updated finding.

When setting up automations for security controls, we recommend filtering based on control ID rather than title or description. Whereas Security Hub occasionally updates control titles and descriptions, control IDs stay the same.