Available third-party partner product integrations - AWS Security Hub

AWS Security Hub is integrated with the following third-party products. For each provider, the table indicates whether the product sends findings to Security Hub, receives findings from Security Hub, or both.

If applicable, the table also specifies the product ARN. Integrations that send findings to Security Hub always have an ARN.

Note

Some integrations are not available in Africa (Cape Town), Europe (Milan), AWS GovCloud (US-East), or AWS GovCloud (US-West). If an integration is not supported, it is not listed on the console Integrations page.

The China (Beijing) and China (Ningxia) Regions only support the following third-party integrations:

  • Cloud Custodian

  • FireEye Helix

  • Helecloud

  • IBM QRadar

  • PagerDuty

  • Palo Alto Networks Cortex XSOAR

  • Palo Alto Networks VM-Series

  • Prowler

  • RSA Archer

  • Splunk Enterprise

  • Splunk Phantom

  • ThreatModeler

If you have a security solution and are interested in becoming a Security Hub partner, send an email to . In the message, provide your company name, product name, AWS Partner Network (APN) tier level, and contact information. To become a Security Hub partner, you must be an APN Select Tier Partner or above.

To get started, read through the AWS Security Hub Partner Integration Guide. After you review the onboarding information, you can begin to work on your product manifest.

3CORESec – 3CORESec NTA

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/3coresec/3coresec

3CORESec provides managed detection services for both on-premises and AWS systems. Their integration with Security Hub allows visibility into threats such as malware, privilege escalation, lateral movement, and improper network segmentation.

Partner documentation

Alcide – kAudit

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/alcide/alcide-kaudit

Alcide is a Kubernetes security company that created a new kind of Kubernetes security solution, designed specifically for complex multi-cluster Kubernetes environments. It serves all the stakeholders who operate and protect those environments: DevOps, security teams, and cloud architects.

Partner documentation

Alert Logic – SIEMless ThreatManagement

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:733251395267:product/alertlogic/althreatmanagement

Get the right level of coverage: vulnerability and asset visibility, threat detection and incident management, AWS WAF, and assigned SOC analyst options.

Partner documentation

Aqua Security – Aqua Cloud Native Security Platform

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/aquasecurity/aquasecurity

Aqua Cloud Native Security Platform (CSP) provides full lifecycle security for container-based and serverless applications, from your CI/CD pipeline to runtime production environments.

Partner documentation

Aqua Security – Kube-bench

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/aqua-security/kube-bench

Kube-bench is an open-source tool that runs the Center for Internet Security (CIS) Kubernetes Benchmark against your environment.

Partner documentation

Armor – Armor Anywhere

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:679703615338:product/armordefense/armoranywhere

Armor Anywhere delivers managed security and compliance for AWS.

Atlassian – Opsgenie

Integration type: Receive

Opsgenie is a modern incident management solution for operating always-on services, empowering dev and ops teams to plan for service disruptions and stay in control during incidents.

Integrating with Security Hub ensures that mission critical security-related incidents are routed to the appropriate teams for immediate resolution.

Partner documentation

AttackIQ – AttackIQ

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/attackiq/attackiq-platform

AttackIQ Platform emulates real adversarial behavior aligned with the MITRE ATT&CK Framework to help validate and improve your overall security posture.

Partner documentation

Barracuda Networks – Cloud Security Guardian

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:151784055945:product/barracuda/cloudsecurityguardian

Barracuda Cloud Security Sentry helps organizations stay secure while building applications in, and moving workloads to, the public cloud.

BigID – BigID Enterprise

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/bigid/bigid-enterprise

The BigID Enterprise Privacy Management Platform helps companies manage and protect sensitive data (PII) across all their systems.

Partner documentation

Blue Hexagon – Blue Hexagon for AWS

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/blue-hexagon/blue-hexagon-for-aws

Blue Hexagon is a real time threat detection platform. It uses deep learning principles to detect known and unknown threats, including malware and network anomalies.

Partner documentation

Capitis Solutions – C2VS

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/capitis/c2vs

C2VS is a customizable compliance solution designed to automatically identify your application-specific misconfigurations and their root cause.

Partner documentation

Check Point – CloudGuard IaaS

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:758245563457:product/checkpoint/cloudguard-iaas

Check Point CloudGuard easily extends comprehensive threat prevention security to AWS while protecting assets in the cloud.

Partner documentation

Check Point – Dome9 Arc

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:634729597623:product/checkpoint/dome9-arc

A SaaS platform that delivers verifiable cloud network security, advanced IAM protection, and comprehensive compliance and governance.

Cloud Custodian – Cloud Custodian

Integration type: Send and receive

Product ARN: arn:aws:securityhub:<REGION>::product/cloud-custodian/cloud-custodian

Cloud Custodian enables users to be well managed in the cloud. Its simple YAML DSL makes it easy to define rules that enable a well-managed cloud infrastructure that is both secure and cost optimized.

Partner documentation

cloudtamer.io – cloudtamer.io

Integration type: Send and receive

Product ARN: arn:aws:securityhub:<REGION>::product/cloudtamerio/cloudtamerio

cloudtamer.io is a complete cloud governance solution for AWS. cloudtamer.io gives stakeholders visibility into cloud operations and helps cloud users manage accounts, control budget and cost, and ensure continuous compliance.

CrowdStrike – CrowdStrike Falcon

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:517716713836:product/crowdstrike/crowdstrike-falcon

CrowdStrike Falcon's single lightweight sensor unifies next-generation antivirus, endpoint detection and response, and 24/7 managed hunting through the cloud.

CyberArk – Privileged Threat Analytics

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:749430749651:product/cyberark/cyberark-pta

Privileged Threat Analytics collects, detects, alerts on, and responds to high-risk activity and behavior of privileged accounts to contain in-progress attacks.

Partner documentation

DisruptOps, Inc. – DisruptOPS

Integration type: Send and receive

Product ARN: arn:aws:securityhub:<REGION>::product/disruptops-inc/disruptops

DisruptOps’ Security Operations Platform helps organizations maintain best security practices in their cloud through the use of automated guardrails.

FireEye – FireEye Helix

Integration type: Receive

FireEye Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix.

Forcepoint – Forcepoint CASB

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/forcepoint/forcepoint-casb

Forcepoint CASB allows you to discover cloud application use, analyze risk, and enforce appropriate controls for SaaS and custom applications.

Partner documentation

Forcepoint – Forcepoint DLP

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/forcepoint/forcepoint-dlp

Forcepoint DLP addresses human-centric risk with visibility and control everywhere your people work and everywhere your data resides.

Partner documentation

Forcepoint – Forcepoint NGFW

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/forcepoint/forcepoint-ngfw

Forcepoint NGFW lets you connect your AWS environment into your enterprise network with the scalability, protection, and insights needed to manage your network and respond to threats.

Partner documentation

GuardiCore – Centra 4.0

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:324264561773:product/guardicore/guardicore

GuardiCore Centra provides flow visualization, micro-segmentation, and breach detection for workloads in modern data centers and clouds.

GuardiCore – Infection Monkey

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:324264561773:product/guardicore/aws-infection-monkey

Infection Monkey is an attack simulation tool designed to test networks against attackers.

Partner documentation

Helecloud – Managed Security

Integration type: Receive

HeleCloud is a Managed Services Provider, taking care of your AWS infrastructure so that you can focus on your core business.

IBM – QRadar

Integration type: Receive

Product ARN: arn:aws:securityhub:<REGION>:949680696695:product/ibm/qradar-siem

IBM QRadar SIEM provides security teams with the ability to quickly and accurately detect, prioritize, investigate, and respond to threats.

Partner documentation

McAfee – MVISION Cloud for AWS

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:297986523463:product/mcafee-skyhigh/mcafee-mvision-cloud-aws

McAfee MVISION Cloud for Amazon Web Services is a comprehensive monitoring, auditing, and remediation solution for your AWS environment.

Partner documentation

PagerDuty – PagerDuty

Integration type: Receive

PagerDuty's digital operations management platform empowers teams to proactively mitigate customer-impacting issues by automatically turning any signal into the right insight and action.

AWS users can use PagerDuty’s set of AWS integrations to scale their AWS and hybrid environments with confidence.

When coupled with AWS Security Hub’s aggregated and organized security alerts, PagerDuty allows teams to automate their threat response process and quickly set up custom actions to prevent potential issues.

PagerDuty users undertaking a cloud migration project can move quickly, while decreasing the impact of issues that occur throughout the migration lifecycle.

Partner documentation

Palo Alto Networks – Cortex XSOAR

Integration type: Receive

Cortex XSOAR is a Security Orchestration, Automation, and Response (SOAR) platform that integrates with your entire security product stack to accelerate incident response and security operations.

Partner documentation

Palo Alto Networks – Prisma Cloud Compute

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:496947949261:product/twistlock/twistlock-enterprise

Prisma Cloud Compute is a cloud native cybersecurity platform that protects VMs, containers, and serverless platforms.

Partner documentation

Palo Alto Networks – Prisma Cloud Enterprise

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:188619942792:product/paloaltonetworks/redlock

Protects your AWS deployment with cloud security analytics, advanced threat detection, and compliance monitoring.

Partner documentation

Palo Alto Networks – VM-Series

Integration type: Receive

Palo Alto VM-Series integration with AWS Security Hub collects threat intelligence and sends it to the VM-Series Next-gen firewall as an automatic security policy update that blocks malicious (IP address) activity.

Partner documentation

Prowler

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/prowler/prowler

Prowler is an open source security tool to perform AWS checks related to security best practices, hardening, and continuous monitoring.

Partner documentation

Qualys – Vulnerability Management

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:805950163170:product/qualys/qualys-vm

Qualys Vulnerability Management (VM) continuously scans and identifies vulnerabilities, protecting your assets.

Partner documentation

Rackspace – Cloud Native Security

Integration type: Receive

Managed security services on top of native AWS security products for 24x7x365 monitoring by Rackspace SOC, advanced analysis, and threat remediation.

Rapid7 – InsightConnect

Integration type: Receive

Rapid7’s InsightConnect is a security orchestration and automation solution that enables your team to optimize SOC operations with little to no code.

Partner documentation

Rapid7 – InsightVM

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:336818582268:product/rapid7/insightvm

Rapid7 InsightVM provides vulnerability management for modern environments, allowing you to efficiently find, prioritize, and remediate vulnerabilities.

Partner documentation

RSA – RSA Archer

Integration type: Receive

RSA Archer IT & Security Risk Management allows you to determine which assets are critical to your business, establish and communicate security policies and standards, detect and respond to attacks, identify and remediate security deficiencies, and establish clear IT risk management best practices.

Partner documentation

ServiceNow – ITSM

Integration type: Receive

The ServiceNow Security Hub integration allows security findings from Security Hub to be viewed within ServiceNow ITSM.

Partner documentation

Slack – Slack

Integration type: Receive

Slack is a layer of the business technology stack that brings together people, data, and applications. It is a single place where people can effectively work together, find important information, and access hundreds of thousands of critical applications and services to do their best work.

Partner documentation

Sophos – Server Protection

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:062897671886:product/sophos/sophos-server-protection

Sophos Server Protection defends the critical applications and data at the core of your organization, using comprehensive defense-in-depth techniques.

Partner documentation

Splunk – Splunk Enterprise

Integration type: Receive

Product ARN: arn:aws:securityhub:<REGION>:112543817624:product/splunk/splunk-enterprise

Splunk uses Amazon CloudWatch Events as a consumer of Security Hub findings. Send your data to Splunk for advanced security analytics and SIEM.

Partner documentation

Splunk – Splunk Phantom

Integration type: Receive

With the Splunk Phantom App for AWS Security Hub, findings are sent to Phantom for automated context enrichment with additional threat intelligence information or to perform automated response actions.

Partner documentation

StackRox – StackRox Kubernetes Security

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/stackrox/kubernetes-security

StackRox helps enterprises secure their container and Kubernetes deployments at scale by enforcing their compliance and security policies across the entire container life cycle – build, deploy, and run.

Sumo Logic – Machine Data Analytics

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:956882708938:product/sumologicinc/sumologic-mda

Sumo Logic is a secure machine data analytics platform that enables DevSecOps teams to build, run, and secure their AWS applications.

Partner documentation

Symantec – Cloud Workload Protection

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:754237914691:product/symantec-corp/symantec-cwp

Cloud Workload Protection provides complete protection for your Amazon EC2 instances with antimalware, intrusion prevention, and file integrity monitoring.

Partner documentation

Tenable – Tenable.io

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:422820575223:product/tenable/tenable-io

Accurately identify, investigate, and prioritize vulnerabilities. Managed in the cloud.

Partner documentation

ThreatModeler

Integration type: Receive

ThreatModeler is an automated threat modeling solution that secures and scales the enterprise software and cloud development life cycle.

Partner documentation

Turbot – Turbot

Integration type: Receive

Turbot ensures that your cloud infrastructure is secure, compliant, scalable, and cost optimized.

Partner documentation

Vectra AI – Cognito Detect

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/vectra-ai/cognito-detect

Vectra is transforming cybersecurity by applying advanced AI to detect and respond to hidden cyberattackers before they can steal or cause damage.

Partner documentation