Editing automation rule order - Amazon Security Hub
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Editing automation rule order

An automation rule can be used to automatically update findings in Amazon Security Hub Cloud Security Posture Management (CSPM). For background information about how automation rules work, see Understanding automation rules in Security Hub CSPM.

After creating an automation rule, the delegated Security Hub CSPM administrator can edit the rule.

If you want to keep the rule criteria and actions the same, but change the order in which Security Hub CSPM applies an automation rule, you can edit just the rule order. Choose your preferred method, and follow the steps to edit rule order.

For instructions on editing the criteria or actions of an automation rule, see Editing automation rules.

Console
To edit automation rule order (console)

  1. Using the credentials of the Security Hub CSPM administrator, open the Amazon Security Hub Cloud Security Posture Management (CSPM) console at https://console.amazonaws.cn/securityhub/.

  2. In the navigation pane, choose Automations.

  3. Select the rule whose order you want to change. Choose Edit priority.

  4. Choose Move up to increase the rule's priority by one unit. Choose Move down to decrease the rule priority's by one unit. Choose Move to top to assign the rule an order of 1 (this gives the rule precedence over other existing rules).

Note

When you create a rule in the Security Hub CSPM console, Security Hub CSPM automatically assigns rule order based on the order of rule creation. The most recently created rule has the lowest numerical value for rule order and therefore applies first.

API
To edit automation rule order (API)

  1. Use the BatchUpdateAutomationRules operation from the Security Hub CSPM administrator account.

  2. For the RuleArn parameter, provide the ARN of the rule(s) whose order you want to edit.

  3. Modify the value of the RuleOrder field.

Note

If multiple rules have the same RuleOrder, Security Hub CSPM applies a rule with an earlier value for the UpdatedAt field first (that is, the rule which was most recently edited applies last).