Automation rules in EventBridge
Note
Security Hub is in preview release and is subject to change.
You can use automation rules in Amazon EventBridge to respond to Security Hub findings. Security Hub sends findings to EventBridge as events in near real time. You can write basic rules that indicate what automated actions to take when an event matches a rule. Actions that can be automatically triggered include the following:
- Configuring an API destination in EventBridge
- Invoking Amazon EC2 run commands
- Invoking Lambda functions
- Invoking Step Functions state machines
- Notifying an Amazon SNS topic or an Amazon SQS queue
- Relaying events to Kinesis Data Streams
- Sending a finding to a third-party ticketing, chat, SIEM, or incident response and management tool
- Sending an event to an EventBridge bus in another AWS account
Security Hub sends new findings and updated findings to EventBridge as events. Then you configure EventBridge rules to respond to each Security Hub event. For more information, see What is EventBridge? in the EventBridge User Guide.
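The following added example (not part of the original documentation) checks a rule's event pattern offline against constructed events before the rule is deployed, using a simplified exact-value subset of EventBridge matching. The `aws.securityhub` source is the one Security Hub events carry; the detail-type string, the `detail.findings[].severity` field, and the sample events are assumptions to confirm against events from your own account.

```python
import json

# Constructed rule pattern. The detail-type value and the severity field
# path are assumptions; verify them against a real event before deploying.
PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Findings Imported V2"],
    "detail": {"findings": {"severity": ["Critical", "High"]}},
}


def matches(pattern, event):
    """Exact-value subset of EventBridge matching: every pattern key must be
    present in the event, and a pattern list means 'any of these values'."""
    if isinstance(event, list):
        # An event array matches when any one of its elements matches.
        return any(matches(pattern, item) for item in event)
    if isinstance(pattern, dict):
        return isinstance(event, dict) and all(
            key in event and matches(sub, event[key])
            for key, sub in pattern.items()
        )
    # Leaf: list of allowed values. Types must agree so True never equals 1.
    return any(type(v) is type(event) and v == event for v in pattern)


def sample_event(severity, source="aws.securityhub"):
    """Constructed event envelope; account ID and region are placeholders."""
    return {
        "version": "0", "source": source,
        "detail-type": "Findings Imported V2",
        "account": "111122223333", "region": "us-east-1",
        "detail": {"findings": [{"severity": severity, "status": "New"}]},
    }


def route(events, pattern=PATTERN):
    """Return only the events the rule would forward to its target."""
    return [e for e in events if matches(pattern, e)]


if __name__ == "__main__":
    batch = [sample_event("High"), sample_event("Low"),
             sample_event("Critical", source="custom.app")]
    for event in route(batch):
        print(json.dumps(event["detail"]))
```

A pattern that omits `source` also matches the look-alike `custom.app` event, which is why the rule pins the source as well as the finding fields.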
Note
As a best practice, make sure users with permission to access EventBridge use AWS Identity and Access Management policies that grant the minimum required permissions. For more information, see EventBridge and AWS Identity and Access Management in the EventBridge User Guide.