Using custom actions to send findings and insight results to EventBridge

To use AWS Security Hub custom actions to send findings or insight results to Amazon EventBridge, you first create the custom action in Security Hub. Then, you can define rules in EventBridge that apply to your custom actions.

You can create up to 50 custom actions.

If you enable cross-Region aggregation, and manage findings from the aggregation Region, then create custom actions in the aggregation Region.

The rule in EventBridge uses the Amazon Resource Name (ARN) from the custom action.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Configuring a rule for Security Hub findings

Creating a custom action