Configuring AWS Security Hub - AWS Service Catalog

Configuring AWS Security Hub

AWS Security Hub enables users to view security findings from AWS services such as Amazon GuardDuty and Amazon Inspector, as well as from AWS Partner solutions.

To configure AWS Security Hub integration features

  1. Enable AWS Security Hub. For details, see Setting up AWS Security Hub with the Console.

  2. Set up an SQS queue to receive updated Findings. Name the queue AwsServiceManagementConnectorForSecurityHubQueue to align with the default name within the ServiceNow System Properties for the AWS Security Hub integration. For details, see Getting started with Amazon SQS.

  3. Set up a CloudWatch rule to detect changes to Findings and push these to the queue. For details, see Getting started with Amazon CloudWatch.

  4. The CloudWatch rule should have the following event pattern and should point to the SQS queue created in Step 2.

     "EventPattern": {
       "source": [ "aws.securityhub" ],
       "detail-type": [
         "Security Hub Findings - Imported",
         "Security Hub Findings - Custom Action"
       ]
     }
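The following is an added example, not code from this page or from the ServiceNow connector: it applies the event pattern above to constructed sample events the way a CloudWatch Events (EventBridge) rule would, so you can see which finding events reach the queue, and it builds the SQS queue resource policy the rule needs in order to deliver to the queue. The rule name and the account and region values in the ARNs are placeholders.

```python
import json

# Event pattern from the page: only Security Hub finding events reach the queue.
EVENT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported",
                    "Security Hub Findings - Custom Action"],
}

def matches(pattern: dict, event: dict) -> bool:
    """Top-level EventBridge matching for this pattern: every key in the pattern
    must be present in the event and equal one of the listed alternatives."""
    return all(event.get(key) in allowed for key, allowed in pattern.items())

def queue_policy(queue_arn: str, rule_arn: str) -> dict:
    """Resource policy the queue needs before the rule can deliver to it.
    The aws:SourceArn condition limits delivery to this one rule instead of
    any rule in any account that learns the queue ARN."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowSecurityHubRuleToSendMessage",
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sqs:SendMessage",
            "Resource": queue_arn,
            "Condition": {"ArnEquals": {"aws:SourceArn": rule_arn}},
        }],
    }

# Constructed sample events in the EventBridge envelope shape (not real findings).
SAMPLE_EVENTS = [
    {"source": "aws.securityhub", "detail-type": "Security Hub Findings - Imported",
     "detail": {"findings": [{"Id": "example-finding-1"}]}},
    {"source": "aws.securityhub", "detail-type": "Security Hub Findings - Custom Action",
     "detail": {"actionName": "SendToServiceNow"}},
    {"source": "aws.securityhub", "detail-type": "Security Hub Insight Results"},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding"},
]

def route(events) -> list:
    """Return the detail-types the rule would forward to the SQS queue."""
    return [e["detail-type"] for e in events if matches(EVENT_PATTERN, e)]

if __name__ == "__main__":
    # Placeholder ARNs; replace REGION and ACCOUNT with your own values.
    queue = "arn:aws:sqs:REGION:ACCOUNT:AwsServiceManagementConnectorForSecurityHubQueue"
    rule = "arn:aws:events:REGION:ACCOUNT:rule/SecurityHubFindingsToQueue"
    print(json.dumps({"forwarded": route(SAMPLE_EVENTS),
                      "queue_policy": queue_policy(queue, rule)}, indent=2))
```

Only the two finding event types in the pattern are forwarded; the insight-results and native GuardDuty events are dropped by the rule.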

Note that the Connector for ServiceNow v3.5.2 - AWS Commercial Regions and Connector for ServiceNow v3.5.2 - AWS GovCloud Regions templates are available to automate the AWS Config custom resource and AWS Security Hub integration features.