Configuring AWS Security Hub in ServiceNow - AWS Service Management Connector

Configuring AWS Security Hub in ServiceNow

This section describes how to configure the AWS Security Hub integration features of the connector in ServiceNow and the AWS resources they depend on.

To configure AWS Security Hub integration features

  1. Enable AWS Security Hub. For more information, see Setting up AWS Security Hub with the Console.

  2. Set up an SQS queue to receive updated Findings. Name the queue AwsServiceManagementConnectorForSecurityHubQueue so that it matches the default queue name in the ServiceNow System Properties for the AWS Security Hub integration. For more information, see Getting started with Amazon SQS.

  3. Set up an Amazon EventBridge rule to detect changes to Findings and push them to the queue. EventBridge can only deliver to the queue if the queue's access policy grants sqs:SendMessage to the events.amazonaws.com service principal for that rule. For more information, see Getting started with Amazon EventBridge.

    The rule should have this event pattern and point to the SQS queue created in Step 2.

    "EventPattern": { "source": [ "aws.securityhub" ] }
  4. You can also narrow this EventBridge rule (EventBridge was formerly called CloudWatch Events) so that it only delivers Security Hub findings that have specific finding types, severity labels, workflow statuses, or compliance statuses. For details about how to filter the event pattern, see Configuring an EventBridge rule for automatically sent findings in the AWS Security Hub User Guide.
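The following is an added example, not code from the AWS Service Management Connector or this guide. It builds the two JSON documents Steps 2 through 4 call for: an event pattern that starts from the page's base pattern ("source": ["aws.securityhub"]) and narrows it to selected severity labels and workflow statuses, and an SQS queue access policy that lets only this one rule send to the queue (scoping aws:SourceArn to the rule ARN stops any other EventBridge rule, in any account, from dropping fake findings into the connector's queue). It also includes a small local matcher so you can check a constructed Security Hub event against the pattern before deploying. The account ID, Region and rule name are placeholders chosen for this example; the queue name is the connector's default from Step 2. The matcher implements only the subset of EventBridge pattern semantics used here (exact string values, arrays, nested objects), not the full language.

```python
"""Build and locally sanity-check the EventBridge -> SQS plumbing for Security Hub findings.

Added example, not connector code. Account ID, Region and rule name are placeholders
(assumptions); the queue name is the connector's default from the page.
"""
import json

ACCOUNT_ID = "111122223333"   # assumption: placeholder account ID
REGION = "us-east-1"          # assumption: placeholder Region
QUEUE_NAME = "AwsServiceManagementConnectorForSecurityHubQueue"  # default name from Step 2
RULE_NAME = "SecurityHubFindingsToServiceNow"  # assumption: rule name chosen for this example

QUEUE_ARN = f"arn:aws:sqs:{REGION}:{ACCOUNT_ID}:{QUEUE_NAME}"
RULE_ARN = f"arn:aws:events:{REGION}:{ACCOUNT_ID}:rule/{RULE_NAME}"


def event_pattern(severities=("CRITICAL", "HIGH"), workflow_statuses=("NEW", "NOTIFIED")):
    """Steps 3/4: the page's base pattern, narrowed to findings worth opening a ticket for."""
    return {
        "source": ["aws.securityhub"],
        "detail-type": ["Security Hub Findings - Imported"],
        "detail": {
            "findings": {
                "Severity": {"Label": list(severities)},
                "Workflow": {"Status": list(workflow_statuses)},
            }
        },
    }


def queue_policy():
    """SQS access policy that lets only *this* rule deliver to the queue.

    Without the aws:SourceArn condition, any EventBridge rule that targets the queue ARN
    could write arbitrary messages into it; the connector would treat them as findings.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowSecurityHubRuleOnly",
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sqs:SendMessage",
            "Resource": QUEUE_ARN,
            "Condition": {"ArnEquals": {"aws:SourceArn": RULE_ARN}},
        }],
    }


def matches(pattern, event):
    """Simplified EventBridge matching.

    Every key in the pattern must exist in the event; a list in the pattern is the set of
    allowed exact values; a dict recurses; a list in the event matches if any element does.
    """
    if isinstance(pattern, dict):
        if isinstance(event, list):
            return any(matches(pattern, item) for item in event)
        if not isinstance(event, dict):
            return False
        return all(key in event and matches(sub, event[key]) for key, sub in pattern.items())
    # pattern is a list of allowed scalar values
    if isinstance(event, list):
        return any(item in pattern for item in event)
    return event in pattern


def sample_event(severity, status):
    """Constructed Security Hub 'Findings - Imported' event, trimmed to the fields the pattern uses."""
    return {
        "source": "aws.securityhub",
        "detail-type": "Security Hub Findings - Imported",
        "detail": {"findings": [{
            "Severity": {"Label": severity},
            "Workflow": {"Status": status},
            "Title": "constructed sample finding",
        }]},
    }


if __name__ == "__main__":
    print(json.dumps(event_pattern(), indent=2))   # paste into the rule's event pattern
    print(json.dumps(queue_policy(), indent=2))    # paste into the queue's access policy
    for sev, status in (("HIGH", "NEW"), ("LOW", "NEW"), ("HIGH", "RESOLVED")):
        print(sev, status, "->", matches(event_pattern(), sample_event(sev, status)))
```

The pattern JSON is what you pass to `aws events put-rule --event-pattern`, and the policy JSON is the `Policy` attribute you set with `aws sqs set-queue-attributes`. If you keep the page's unfiltered base pattern instead, every finding update in the account (including informational and resolved ones) is pushed to the queue, so size the queue's retention and the connector's polling accordingly.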

Note that AWS CloudFormation templates for the Connector for ServiceNow 4.5.0 (one for AWS Commercial Regions and one for AWS GovCloud Regions) are available to automate the AWS Config custom resource and AWS Security Hub integration features, including the queue, queue policy, and EventBridge rule described above.