Available third-party partner product integrations - AWS Security Hub

AWS Security Hub is integrated with the following third-party products. For each provider, the table indicates whether the product sends findings to Security Hub, receives findings from Security Hub, or both.

If applicable, the table also specifies the product ARN. Integrations that send findings to Security Hub always have an ARN.

Note

Some integrations are not available in Africa (Cape Town), Europe (Milan), AWS GovCloud (US-East), or AWS GovCloud (US-West). If an integration is not supported, it is not listed on the console Integrations page.

If you have a security solution and are interested in becoming a Security Hub partner, send an email to . In the message, provide your company name, product name, AWS Partner Network (APN) tier level, and contact information. To become a Security Hub partner, you must be an APN Select Tier Partner or above.

To get started, from the Resources section of the Partners page, download the security onboarding documents. At a minimum, read through the Security Hub Partner Onboarding Guide and the Security Hub Partner FAQs. After you review the onboarding information, you can begin to work on your product manifest.

Company name

Product name

Integration types

Product ARN

Product description

Alert Logic

SIEMless ThreatManagement

Send

arn:aws:securityhub:<REGION>:733251395267:product/alertlogic/althreatmanagement

Get the right level of coverage: vulnerability and asset visibility, threat detection and incident management, AWS WAF, and assigned SOC analyst options.

Aqua Security

Aqua Cloud Native Security Platform

Send

arn:aws:securityhub:<REGION>::product/aquasecurity/aquasecurity

Aqua Cloud Native Security Platform (CSP) provides full lifecycle security for container-based and serverless applications, from your CI/CD pipeline to runtime production environments.

Armor

Armor Anywhere

Send

arn:aws:securityhub:<REGION>:679703615338:product/armordefense/armoranywhere

Armor Anywhere delivers managed security and compliance for AWS.

Atlassian

Opsgenie

Receive

Opsgenie is a modern incident management solution for operating always-on services, empowering dev and ops teams to plan for service disruptions and stay in control during incidents.

Integrating with Security Hub ensures that mission critical security-related incidents are routed to the appropriate teams for immediate resolution.

AttackIQ

AttackIQ

Send

arn:aws:securityhub:<REGION>::product/attackiq/attackiq-platform

AttackIQ Platform emulates real adversarial behavior aligned with the MITRE ATT&CK Framework to help validate and improve your overall security posture.

Barracuda Networks

Cloud Security Guardian

Send

arn:aws:securityhub:<REGION>:151784055945:product/barracuda/cloudsecurityguardian

Barracuda Cloud Security Sentry helps organizations stay secure while building applications in, and moving workloads to, the public cloud.

BigID

BigID Enterprise

Send

arn:aws:securityhub:<REGION>::product/bigid/bigid-enterprise

The BigID Enterprise Privacy Management Platform helps companies manage and protect sensitive data (PII) across all their systems.

Capitis Solutions

C2VS

Send

arn:aws:securityhub:<REGION>::product/capitis/c2vs

C2VS is a customizable compliance solution designed to automatically identify your application-specific misconfigurations and their root cause.

Caveonix

Caveonix RiskForesight.io

Send and receive

arn:aws:securityhub:<REGION>::product/caveonix/riskforesight-io

A SaaS risk mitigation platform that delivers automated compliance and hybrid-cloud security posture management for comprehensive workload protection.

Check Point

CloudGuard IaaS

Send

arn:aws:securityhub:<REGION>:758245563457:product/checkpoint/cloudguard-iaas

Check Point CloudGuard easily extends comprehensive threat prevention security to AWS while protecting assets in the cloud.

Check Point

Dome9 Arc

Send

arn:aws:securityhub:<REGION>:634729597623:product/checkpoint/dome9-arc

A SaaS platform that delivers verifiable cloud network security, advanced IAM protection, and comprehensive compliance and governance.

Cloud Custodian

Cloud Custodian

Send and receive

arn:aws:securityhub:<REGION>::product/cloud-custodian/cloud-custodian

Cloud Custodian enables users to be well managed in the cloud. Its simple YAML DSL lets you easily define rules for a well-managed cloud infrastructure that is both secure and cost optimized.

CrowdStrike

CrowdStrike Falcon

Send

arn:aws:securityhub:<REGION>:517716713836:product/crowdstrike/crowdstrike-falcon

CrowdStrike Falcon's single lightweight sensor unifies next-generation antivirus, endpoint detection and response, and 24/7 managed hunting through the cloud.

CyberArk

Privileged Threat Analytics

Send

arn:aws:securityhub:<REGION>:749430749651:product/cyberark/cyberark-pta

Privileged Threat Analytics collects, detects, alerts, and responds to high-risk activity and behavior of privileged accounts to contain in-progress attacks.

DisruptOps, Inc.

DisruptOps

Send and receive

arn:aws:securityhub:<REGION>::product/disruptops-inc/disruptops

DisruptOps’ Security Operations Platform helps organizations maintain security best practices in their cloud through the use of automated guardrails.

FireEye

FireEye Helix

Receive

FireEye Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix.

Forcepoint

Forcepoint CASB

Send

arn:aws:securityhub:<REGION>::product/forcepoint/forcepoint-casb

Forcepoint CASB allows you to discover cloud application use, analyze risk, and enforce appropriate controls for SaaS and custom applications.

Forcepoint

Forcepoint DLP

Send

arn:aws:securityhub:<REGION>::product/forcepoint/forcepoint-dlp

Forcepoint DLP addresses human-centric risk with visibility and control everywhere your people work and everywhere your data resides.

Forcepoint

Forcepoint NGFW

Send

arn:aws:securityhub:<REGION>::product/forcepoint/forcepoint-ngfw

Forcepoint NGFW lets you connect your AWS environment into your enterprise network with the scalability, protection, and insights needed to manage your network and respond to threats.

GuardiCore

Centra 4.0

Send

arn:aws:securityhub:<REGION>:324264561773:product/guardicore/guardicore

GuardiCore Centra provides flow visualization, micro-segmentation, and breach detection for workloads in modern data centers and clouds.

GuardiCore

Infection Monkey

Send

arn:aws:securityhub:<REGION>:324264561773:product/guardicore/aws-infection-monkey

Infection Monkey is an attack simulation tool designed to test networks against attackers.

IBM

QRadar

Send and receive

arn:aws:securityhub:<REGION>:949680696695:product/ibm/qradar-siem

IBM QRadar SIEM provides security teams with the ability to quickly and accurately detect, prioritize, investigate, and respond to threats.

McAfee

MVISION Cloud for AWS

Send

arn:aws:securityhub:<REGION>:297986523463:product/mcafee-skyhigh/mcafee-mvision-cloud-aws

McAfee MVISION Cloud for Amazon Web Services is a comprehensive monitoring, auditing, and remediation solution for your AWS environment.

PagerDuty

PagerDuty

Receive

PagerDuty's digital operations management platform empowers teams to proactively mitigate customer-impacting issues by automatically turning any signal into the right insight and action.

AWS users can use PagerDuty’s set of AWS integrations to scale their AWS and hybrid environments with confidence.

When coupled with AWS Security Hub’s aggregated and organized security alerts, PagerDuty allows teams to automate their threat response process and quickly set up custom actions to prevent potential issues.

PagerDuty users undertaking a cloud migration project can move quickly, while decreasing the impact of issues that occur throughout the migration lifecycle.

Palo Alto Networks

Demisto Enterprise AMI

Receive

Demisto is a Security Orchestration, Automation, and Response (SOAR) platform that integrates with your entire security product stack to accelerate incident response and security operations.

Palo Alto Networks

RedLock

Send

arn:aws:securityhub:<REGION>:188619942792:product/paloaltonetworks/redlock

Protects your AWS deployment with cloud security analytics, advanced threat detection, and compliance monitoring.

Qualys

Vulnerability Management

Send

arn:aws:securityhub:<REGION>:805950163170:product/qualys/qualys-vm

Qualys Vulnerability Management (VM) continuously scans and identifies vulnerabilities, protecting your assets.

Rackspace

Cloud Native Security

Receive

Managed security services on top of native AWS security products for 24x7x365 monitoring by Rackspace SOC, advanced analysis, and threat remediation.

Rapid7

InsightConnect

Receive

Rapid7’s InsightConnect is a security orchestration and automation solution that enables your team to optimize SOC operations with little to no code.

Rapid7

InsightVM

Send

arn:aws:securityhub:<REGION>:336818582268:product/rapid7/insightvm

Rapid7 InsightVM provides vulnerability management for modern environments, allowing you to efficiently find, prioritize, and remediate vulnerabilities.

RSA

RSA Archer

Receive

RSA Archer IT & Security Risk Management allows you to determine which assets are critical to your business, establish and communicate security policies and standards, detect and respond to attacks, identify and remediate security deficiencies, and establish clear IT risk management best practices.

ServiceNow

ITSM

Receive

The ServiceNow Security Hub integration allows security findings from Security Hub to be viewed within ServiceNow ITSM.

Slack

Slack

Receive

Slack is a layer of the business technology stack that brings together people, data, and applications. It is a single place where people can effectively work together, find important information, and access hundreds of thousands of critical applications and services to do their best work.

Sophos

Server Protection

Send

arn:aws:securityhub:<REGION>:062897671886:product/sophos/sophos-server-protection

Sophos Server Protection defends the critical applications and data at the core of your organization, using comprehensive defense-in-depth techniques.

Splunk

Splunk Enterprise

Receive

arn:aws:securityhub:<REGION>:112543817624:product/splunk/splunk-enterprise

Splunk uses Amazon CloudWatch Events as a consumer of Security Hub findings. Send your data to Splunk for advanced security analytics and SIEM.

Splunk

Splunk Phantom

Receive

With the Splunk Phantom App for AWS Security Hub, findings are sent to Phantom for automated context enrichment with additional threat intelligence information or to perform automated response actions.

Sumo Logic

Machine Data Analytics

Send

arn:aws:securityhub:<REGION>:956882708938:product/sumologicinc/sumologic-mda

Sumo Logic is a secure, machine data analytics platform that enables DevSecOps teams to build, run, and secure their AWS applications.

Symantec

Cloud Workload Protection

Send

arn:aws:securityhub:<REGION>:754237914691:product/symantec-corp/symantec-cwp

Cloud Workload Protection provides complete protection for your Amazon EC2 instances with antimalware, intrusion prevention, and file integrity monitoring.

Tenable

Tenable.io

Send

arn:aws:securityhub:<REGION>:422820575223:product/tenable/tenable-io

Accurately identify, investigate, and prioritize vulnerabilities. Managed in the cloud.

Turbot

Turbot

Receive

Turbot ensures that your cloud infrastructure is secure, compliant, scalable, and cost optimized.

Twistlock

Enterprise Edition

Send

arn:aws:securityhub:<REGION>:496947949261:product/twistlock/twistlock-enterprise

Twistlock is a cloud native cybersecurity platform that protects VMs, containers, and serverless platforms.

Vectra AI

Cognito Detect

Send

arn:aws:securityhub:<REGION>::product/vectra-ai/cognito-detect

Vectra is transforming cybersecurity by applying advanced AI to detect and respond to hidden cyberattackers before they can steal or cause damage.