AWS Security Hub integration with Incident Response

AWS Security Hub provides you with a comprehensive view of the security state of your AWS resources. Security Hub collects security data from across AWS accounts and services, and helps you analyse your security trends to identify and prioritize the security issues across your AWS environment. This is a one-way integration, sending alerts to Incident Response.

What does Incident Response offer AWS Security Hub users?

Integrating AWS Security Hub with Incident Response gives users a consistent and reliable response workflow for the alerts triggered by AWS Security Hub.

Incident Response acts as a handler for these alerts and determines the right people to notify based on escalation policies, previously provided points of contact, and on-call schedules. Users are notified based on their notification preferences. Alerts are escalated until they are acknowledged or closed.

Functionality of the integration

For this integration, AWS EventBridge is used to capture the events from Security Hub, and the Amazon SNS service is used to send the notifications. Whenever any custom action is performed on any Finding or Insight in AWS Security Hub, an alert is created in Lightstep Incident Response.
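The routing described above, as an added example that is not part of the original page or the vendor's own code: an EventBridge event pattern that selects only Security Hub custom-action events, checked offline against constructed sample events with a small matcher that implements a subset of EventBridge pattern matching. The action name `SendToIR`, the account ID, and the choice to scope the rule to a single custom action ARN are assumptions.

```python
# Constructed placeholder ARN for the custom action created in Security Hub.
ACTION_ARN = "arn:aws:securityhub:us-east-1:111122223333:action/custom/SendToIR"

# EventBridge rule pattern: only custom-action events reach the SNS target.
EVENT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Custom Action",
                    "Security Hub Insight Results"],
    "resources": [ACTION_ARN],  # assumption: scope the rule to one action
}

def matches(pattern, event):
    """Subset of EventBridge matching: exact-value lists and nested objects."""
    for key, want in pattern.items():
        if key not in event:
            return False
        have = event[key]
        if isinstance(want, dict):
            if not (isinstance(have, dict) and matches(want, have)):
                return False
        else:
            values = have if isinstance(have, list) else [have]
            if not any(v in want for v in values):
                return False
    return True

def make_event(detail_type, resources, detail):
    """Build a constructed event with the envelope fields the rule inspects."""
    return {"source": "aws.securityhub", "detail-type": detail_type,
            "resources": resources, "detail": detail}

# Constructed sample events (not captured from a real account).
SAMPLE_EVENTS = [
    make_event("Security Hub Findings - Custom Action", [ACTION_ARN],
               {"actionName": "SendToIR", "findings": [{"Title": "Open S3 bucket"}]}),
    make_event("Security Hub Insight Results", [ACTION_ARN],
               {"actionName": "SendToIR", "insightName": "Top failing controls"}),
    # Routine finding import: no custom action was taken, so no alert.
    make_event("Security Hub Findings - Imported", ["constructed-finding-arn"],
               {"findings": [{"Title": "Open S3 bucket"}]}),
    # A different custom action is filtered out by the ARN scope.
    make_event("Security Hub Findings - Custom Action",
               [ACTION_ARN.replace("SendToIR", "Other")], {"actionName": "Other"}),
]

def routed(events):
    """Return the detail-types of events the rule would forward to SNS."""
    return [e["detail-type"] for e in events if matches(EVENT_PATTERN, e)]
```

Dropping the `resources` key from the pattern forwards every custom action rather than one, which is the broader behaviour the paragraph describes.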