Preparing to send findings to Amazon Security Hub
As an APN Partner, you cannot send information to Security Hub for your customers until the Security Hub team enables you as a finding provider. To be enabled as a finding provider, you must complete the following onboarding steps. Doing so ensures a positive experience with Security Hub for you and your customers.
As you complete the onboarding steps, be sure to follow the guidelines in Tenets for creating and updating findings, Guidelines for mapping findings into the Amazon Security Finding Format (ASFF), and Guidelines for using the BatchImportFindings API.
- Map your security findings to the Amazon Security Finding Format (ASFF).
- Build your integration architecture to push findings to the correct Regional Security Hub endpoint. To do this, you define whether you will send findings from your own Amazon account or from within your customer's accounts.
- Have your customers subscribe the product to their account. To do this, they can use the console or the EnableImportFindingsForProduct API operation. See Managing product integrations in the Amazon Security Hub User Guide.

  You can also subscribe the product for them. To do this, you use a cross-account role to access the EnableImportFindingsForProduct API operation on behalf of the customer.

  This step establishes the resource policies that are needed to accept findings from that product for that account.
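The first two onboarding steps, sketched as an added example (not AWS code and not part of the original guide): a vendor finding is mapped to ASFF with a ProductArn for the finding's Region, and findings are grouped per Region so each batch goes to that Region's endpoint. The vendor schema, the partner account ID, the product path and the function names are hypothetical; the 100-finding batch size is the BatchImportFindings per-call limit.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Hypothetical partner identifiers; real values are assigned during onboarding.
PARTNER_ACCOUNT = "111122223333"
PRODUCT_PATH = "examplecorp/example-scanner"
SEVERITY = {1: "LOW", 2: "MEDIUM", 3: "HIGH", 4: "CRITICAL"}
MAX_BATCH = 100  # BatchImportFindings accepts at most 100 findings per call


def to_asff(v, partition="aws"):
    """Map one vendor finding (hypothetical schema) to an ASFF finding."""
    region = v["region"]
    ts = datetime.fromtimestamp(v["seen"], tz=timezone.utc).isoformat()
    return {
        "SchemaVersion": "2018-10-08",
        # Stable Id so a re-sent finding updates instead of duplicating.
        "Id": f"{region}/{v['account']}/{v['id']}",
        # The product ARN is Regional and must match the endpoint used.
        "ProductArn": f"arn:{partition}:securityhub:{region}:"
                      f"{PARTNER_ACCOUNT}:product/{PRODUCT_PATH}",
        "GeneratorId": v["rule"],
        "AwsAccountId": v["account"],
        "Types": ["Software and Configuration Checks/Vulnerabilities"],
        "CreatedAt": ts,
        "UpdatedAt": ts,
        "Severity": {"Label": SEVERITY.get(v["sev"], "INFORMATIONAL")},
        "Title": v["title"][:256],          # ASFF length limit
        "Description": v["detail"][:1024],  # ASFF length limit
        "Resources": [{"Type": "AwsEc2Instance", "Id": v["resource"],
                       "Region": region}],
    }


def batches_by_region(vendor_findings):
    """Group ASFF findings per Region, split into chunks of MAX_BATCH."""
    grouped = defaultdict(list)
    for v in vendor_findings:
        grouped[v["region"]].append(to_asff(v))
    return {r: [f[i:i + MAX_BATCH] for i in range(0, len(f), MAX_BATCH)]
            for r, f in grouped.items()}


# Constructed sample input, not real findings.
SAMPLE = [
    {"id": f"f-{n}", "account": "444455556666", "region": r, "rule": "open-ssh",
     "sev": 3, "seen": 1700000000 + n, "title": "SSH open to 0.0.0.0/0",
     "detail": "Port 22 is reachable from any address.",
     "resource": f"arn:aws:ec2:{r}:444455556666:instance/i-{n:017x}"}
    for n, r in enumerate(["us-east-1"] * 101 + ["eu-west-1"] * 2)
]
```

Each inner list returned by `batches_by_region` is one BatchImportFindings request body for a client configured for that Region.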
The following blog posts discuss some of the existing partner integrations with Security Hub.