search
LoginStart for Free

AWS Security Hub Integration

Feed AWS Security Hub aggregated findings into ilert to consolidate alerts, automate incident routing, and unify multi-account security response.

AWS Security Hubarrow-up-right is a security service that provides a comprehensive view of security alerts and compliance status across AWS accounts by aggregating findings from various AWS services and third-party tools. When used with ilert, Security Hub’s alerts are instantly routed to the right team members through multi-channel notifications and escalation policies, ensuring rapid response to security threats.

hashtag
How this integration works

AWS Security Hub generates finding events that are relayed by AWS EventBridge. If AWS EventBridge rules match, notifications will be published to specific Amazon Simple Notification Service (SNS) topics; the events will be sent to ilert.

hashtag
Architecture

hashtag
In ilert: Create an Amazon SNS alert source

  1. Go to Alert sources -> Alert sources and click on Create new alert source

  2. Search for Amazon SNS in the search field, click on the Amazon SNS tile and click on Next.

  3. Give your alert source a name, optionally assign teams and click Next.

  4. Select an escalation policy by creating a new one or assigning an existing one.

  5. Select you Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.

  6. The next page show additional settings such as customer alert templates or notification prioritiy. Click on Finish setup for now.

  7. On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.

hashtag
In AWS Security Hub: Create a Custom action

  1. On the sidebar click on Custom actions.

  2. Click on Create custom action.

  1. Enter a Action name, Description and a Custom action ID.

hashtag
In AWS SNS: Create a topic and a Subscription

  1. On the sidebar navigate to Topics and click on Create topic.

  1. Select Standard and enter a Name.

  1. Save the topic.

  2. Now create a new Subscription for this topic.

  3. Select HTTPS as Protocol and Enter the in ilert previously generated alert source url as Endpoint.

  1. Click on Create subscription.

hashtag
In AWS EventBridge: Create an Event bus Rule

  1. On the sidebar click on Event buses and then on Create rule.

  1. Enter a Name for the rule.

  1. Enter following Event pattern and click on Next:

  1. Select the previous created topic as target.

  1. Click on Create rule to finish the setup.

hashtag
FAQ

Will alerts in ilert be resolved automatically?

No, but you can use the eventType custom attribute to resolve an incident in specified incidentKey.

PreviousAWS Personal Health Dashboard IntegrationNextAutotask Inbound Integration

Last updated

Was this helpful?