Configuring AWS Security Hub - AWS Service Management Connector

Configuring AWS Security Hub

AWS Security Hub enables users to view security findings from AWS services, such as Amazon Guard Duty, Amazon Inspector, as well as AWS Partner solutions.

If you use both AWS Security Hub and Jira Service Management (JSM), the AWS Service Management Connector for JSM allows you to create an automated, bidirectional integration between Security Hub and JSM. This two-way integration synchronizes your Security Hub findings and Jira issues.

Specifically, as a Jira administrator, you can use this integration to automatically create Jira issues from Security Hub findings. When you update those tickets in Jira, the changes are automatically replicated back to the original Security Hub findings. For example, when you resolve the issue in Jira, the workflow status of the Security Hub finding also changes to RESOLVED. This action ensures Security Hub always has up-to-date information about your security posture.

To configure AWS Security Hub integration features

  1. Enable AWS Security Hub. For more information, see Setting up AWS Security Hub with the Console.

  2. Set up an SQS queue to receive updated Findings. Name the queue AwsSmcJsmSecurityHubQueue to align with the default name in the JSM Connector Settings for the AWS Security Hub integration. For more information, see Getting started with Amazon SQS.

  3. Set up a Amazon EventBridge rule to detect changes to Findings and push these to the queue. For more information, see Getting started with Amazon EventBridge.

    The CloudWatch rule should have the following event pattern and should point to the SQS queue created in Step 2.

    "EventPattern":{ "source":[ "aws.securityhub" }
  4. You can also customize this CloudWatch Events rule to only pull in Security Hub findings that have specific finding types, severity labels, workflow statuses, or compliance statuses. For details about how to filter the event pattern, see Configuring an EventBridge rule for automatically sent findings in the AWS Security Hub User Guide.

Note

The Connector for Jira Service Management v1.9.0 - AWS Commercial Regions and Connector for Jira Service Management v1.9.0 - AWS GovCloud West Region AWS CloudFormation templates are available to automate the AWS Config custom resource and AWS Security Hub integration features.

AWS Security Hub - Bidirectional integration with Atlassian Jira Service Management

This video (8:40) describes how to set up a bidirectional integration with Atlassian Jira Service Management. This feature makes it easier for AWS Security Hub users to automatically create and update issues in Jira Service Management from AWS Security Hub findings and ensure that updates to those tickets are synced with the findings.