Amazon Security Hub console information - Amazon Security Hub
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Security Hub console information

Provide JSON text to the Amazon Security Hub team that contains the following information. Security Hub uses this information to create your product ARN, display the providers list in the console, and include your proposed managed insights in the Security Hub insight library.

Company information

The company information provides information about your company. Here's an example:

{ "id": "example", "name": "Example Corp", "description": "Example Corp is a network security company that monitors your network for vulnerabilities.", }

The company information contains the following fields:

Field

Required

Description

id

Yes

The company's unique identifier. The company identifier must be unique across companies.

This is likely the same as or similar to name.

Type: String

Minimum length: 5 characters

Maximum length: 24 characters

Allowed characters: lowercase letters, numbers, and hyphens

Must begin with a lowercase letter. Must end with a lower case letter or a number.

name

Yes

The name of the provider's company to be displayed on the Security Hub console.

Type: String

Maximum length: 16 characters

description

Yes

The description of the provider's company to be displayed on the Security Hub console.

Type: String

Maximum length: 200 characters

Product information

This section provides information about your product. Here's an example:

{ "IntegrationTypes": ["SEND_FINDINGS_TO_SECURITY_HUB"], "id": "example-corp-network-defender", "regionsNotSupported": "us-west-1", "commercialAccountNumber": "111122223333", "govcloudAccountNumber": "444455556666", "chinaAccountNumber": "777788889999", "name": "Example Corp Product", "description": "Example Corp Product is a managed threat detection service.", "importType": "BATCH_IMPORT_FINDINGS_FROM_CUSTOMER_ACCOUNT", "category": "Intrusion Detection Systems (IDS)", "marketplaceUrl": "marketplace_url", "configurationUrl": "configuration_url" }

The product information contains the following fields.

Field

Required

Description

IntegrationType

Yes

Indicates whether your product sends findings to Security Hub, receives findings from Security Hub, or both sends and receives findings.

If you are a Consulting Partner, leave this field blank.

Type: Array of string

Valid values: SEND_FINDINGS_TO_SECURITY_HUB | RECEIVE_FINDINGS_FROM_SECURITY_HUB

id

Yes

The product's unique identifier. These must be unique within a company. They do not need to be unique across companies. This is likely the same or similar as name.

Type: String

Minimum length: 5 characters

Maximum length: 24 characters

Allowed characters: lowercase letters, numbers, and hyphens

Must begin with a lowercase letter. Must end with a lower case letter or a number.

regionsNotSupported

Yes

Which of the following Amazon Regions do you not support? In other words, in which Regions should Security Hub not show you as an option in our partners page in the Security Hub console?

Type: String

Provide the Region code only. For example, us-west-1.

For a list of Regions, see Regional endpoints in the Amazon Web Services General Reference.

The Region codes for the Amazon GovCloud (US) are us-gov-west-1 (for Amazon GovCloud (US-West)) and us-gov-east-1 (for Amazon GovCloud (US-East)).

The Region codes for China Regions are cn-north-1 (for China (Beijing)) and cn-northwest-1 (for China (Ningxia)).

commercialAccountNumber

Yes

The primary Amazon account number for the product for the Amazon Regions.

If you send findings to Security Hub, then the account you provide is based on where you send the findings from.

  • From your Amazon account. In this case, provide the account number that you use to submit findings.

  • From the customer's Amazon account. In this case, Security Hub recommends that you provide the primary account number that you use to test the integration.

Ideally you will use the same account for all of your products across all Regions. If this is not possible, contact the Security Hub team.

If you only receive findings from Security Hub, this account number is not required.

Type: String

govcloudAccountNumber

No

The primary Amazon account number for the product for Amazon GovCloud (US) Regions (if your product is available in Amazon GovCloud (US)).

If you send findings to Security Hub, then the account you provide is based on where you send the findings from.

  • From your Amazon account. In this case, provide the account number that you use to submit findings.

  • From the customer's Amazon account. In this case, Security Hub recommends that you provide the primary account number that you use to test the integration.

Ideally you use the same account for all of your products across all Amazon GovCloud (US) Regions. If this is not possible, contact the Security Hub team.

If you only receive findings from Security Hub, this account number is not required.

Type: String

chinaAccountNumber

No

The primary Amazon account number for the product for China regions (if your product is available in the China regions).

If you send findings to Security Hub, then the account you provide is based on where you send the findings from.

  • From your Amazon account. In this case, provide the account number that you use to submit findings.

  • From the customer's Amazon account. In this case, Security Hub recommends that you provide the primary account number that you use to test the product integration.

Ideally you use the same account for all of your products across all China regions. If this is not possible, contact the Security Hub team.

If you only receive findings from Security Hub, this can be any account that you own in a China region.

Type: String

name

Yes

The name of the provider's product to display on the Security Hub console.

Type: String

Maximum length: 24 characters

description

Yes

The description of the provider's product to display on the Security Hub console.

Type: String

Maximum length: 200 characters

importType

Yes

The type of resource policy for the partner.

During the partner onboarding process, you can specify one of the following resource policies, or you can specify NEITHER.

  • With BATCH_IMPORT_FINDINGS_FROM_PRODUCT_ACCOUNT, you can only send findings to Security Hub from the account listed in your product ARN.

  • With BATCH_IMPORT_FINDINGS_FROM_CUSTOMER_ACCOUNT, you can only send findings from the customer account that subscribed to you.

Type: String

Valid values: BATCH_IMPORT_FINDINGS_FROM_PRODUCT_ACCOUNT | BATCH_IMPORT_FINDINGS_FROM_CUSTOMER_ACCOUNT |

NEITHER

category

Yes

The categories that define your product. Your selections are displayed on the Security Hub console.

Choose up to three categories.

Custom selections are not allowed. If you think your category is missing, contact the Security Hub team.

Type: Array

Available categories:

  • API Firewall

  • Asset Management

  • AV Scanning and Sandboxing

  • Backup and Disaster Recovery

  • Breach and Attack Simulation

  • Bug Bounty Platform

  • Certificate Management

  • Cloud Access Security Broker

  • Cloud Security Posture Management

  • Configuration and Patch Management

  • Configuration Management Database (CMDB)

  • Consulting Partner

  • Container Security

  • Cyber Range

  • Data Access Management

  • Data Classification

  • Data Loss Prevention

  • Data Masking and Tokenization

  • Database Activity Monitoring

  • DDoS Protection

  • Deception

  • Device Control

  • Dynamic Application Security Testing

  • Data Encryption

  • Email Gateway

  • Encrypted Search

  • Endpoint Detection and Response (EDR)

  • Endpoint Forensics

  • Forensics Toolkit

  • Fraud Detection

  • Governance, Risk, and Compliance (GRC)

  • Host-based Intrusion Detection (HIDs)

  • Human Resources Information System

  • Interactive Application Security Testing (IAST)

  • Instant Messaging

  • IoT Security

  • IT Security Training

  • IT Ticketing and Incident Management

  • Managed Security Service Provider (MSSP)

  • Micro-Segmentation

  • Multi-Cloud Management

  • Multi-Factor Authentication

  • Network Access Control (NAC)

  • Network Firewall

  • Network Forensics

  • Network Intrusion Detection Systems (IDS)

  • Network Intrusion Prevention Systems (IPS)

  • Phishing Simulation and Training

  • Privacy Operations

  • Privileged Access Management

  • Rogue Device Detection

  • Runtime Application Self-Protection (RASP)

  • Secure Web Gateway

marketplaceUrl

No

The URL to your product Amazon Web Services Marketplace destination. The URL is displayed in the Security Hub console.

Type: String

This must be an Amazon Web Services Marketplace URL.

If you do not have an Amazon Web Services Marketplace listing, leave this field blank.

configurationUrl

Yes

The URL to your product documentation about the integration with Security Hub. This content is hosted on your website or on a webpage that you manage, such as a GitHub page.

Type: String

Your documentation should include the following information.

  • Configuration instructions

  • Links to Amazon CloudFormation templates (if necessary)

  • Information about your use case for the integration

  • Latency

  • ASFF mapping

  • Types of findings included

  • Architecture