Selecting a custom action for findings and insight results - Amazon Security Hub
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Selecting a custom action for findings and insight results

After you create Amazon Security Hub Cloud Security Posture Management (CSPM) custom actions and Amazon EventBridge rules, you can send findings and insight results to EventBridge for automatic management and processing.

Events are sent to EventBridge only in the account in which they are viewed. If you view a finding using an administrator account, the event is sent to EventBridge in the administrator account.

For Amazon API calls to be effective, the implementations of target code must switch roles into member accounts. This also means that the role you switch into must be deployed to each member where action is needed.

To send findings to EventBridge (console)

  1. Open the Amazon Security Hub Cloud Security Posture Management (CSPM) console at https://console.amazonaws.cn/securityhub/.

  2. Display a list of findings:

  3. Select the findings to send to EventBridge. You can select up to 20 findings at a time.

  4. From Actions, choose the custom action that aligns with the EventBridge rule to apply.

    Security Hub CSPM sends a separate Security Hub Findings - Custom Action event for each finding.

To send insight results to EventBridge (console)

  1. Open the Amazon Security Hub Cloud Security Posture Management (CSPM) console at https://console.amazonaws.cn/securityhub/.

  2. In the navigation pane, choose Insights.

  3. On the Insights page, choose the insight that includes the results to send to EventBridge.

  4. Select the insight results to send to EventBridge. You can select up to 20 results at a time.

  5. From Actions, choose the custom action that aligns with the EventBridge rule to apply.