Configuring AWS Security Hub in ServiceNow

This section describes how to configure your AWS services in ServiceNow.

To configure AWS Security Hub integration features

Enable AWS Security Hub. For more information, see Setting up AWS Security Hub with the Console.
Set up an SQS queue to receive updated Findings. Name the queue, AwsServiceManagementConnectorForSecurityHubQueue, to align with the default name in the ServiceNow System Properties for the AWS Security Hub integration. For more information, see Getting started with Amazon SQS.
Set up an Amazon EventBridge rule to detect changes to Findings and push these to the queue. For more information, see Getting started with Amazon EventBridge.

The rule should have this event pattern and point to the SQS queue created in Step 2.
```
"EventPattern": {

       "source": [

        "aws.securityhub"

        ]
}         
```
You can also customize this CloudWatch Events rule to only pull in Security Hub findings that have specific finding types, severity labels, workflow statuses, or compliance statuses. For details about how to filter the event pattern, see Configuring an EventBridge rule for automatically sent findings in the AWS Security Hub User Guide.

Note

You can use the AWS CloudFormation templates for the Connector for ServiceNow to automate the AWS Config custom resource and AWS Security Hub integration features. For more information, see Baseline Permissions.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS Security Hub

Configuring ServiceNow