AWS Security Hub now supports integrations with IBM QRadar (a security information and event management, or SIEM, platform), Slack (a chat and instant messaging product), ServiceNow ITSM (a ticketing system), and ServiceNow SecOps (a security orchestration, automation, and response, or SOAR, system).
Each of these integrations helps Security Hub customers take action on findings and provides a simple way to send findings from Security Hub to the partner’s product. Setting up the integration only requires deployment of an AWS CloudFormation template.
The IBM QRadar integration with AWS Security Hub also supports sending findings from QRadar to Security Hub. To learn more about an integration and how to set it up, visit the Integration pages in the Security Hub console and click on the “Configuration” link for the partner.
About AWS Security Hub
Available globally, AWS Security Hub gives you a comprehensive view of your high-priority security alerts and compliance status across your AWS accounts. With AWS Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, and AWS Identity and Access Management (IAM) Access Analyzer, as well as from AWS Partner solutions.
AWS Security Hub enables you to continuously monitor your environment using automated compliance checks based on AWS best practices and industry standards, such as the CIS AWS Foundations Benchmark. You can also take action on these security and compliance findings by investigating them using Amazon Detective and by using Security Hub’s integration with Amazon CloudWatch Events to send the findings to ticketing tools, chat systems, SIEM platforms, SOAR systems, and custom remediation playbooks structured as Lambda functions.
To learn more about AWS Security Hub capabilities, see the AWS Security Hub documentation.