Disabling the flow of findings from a Security Hub CSPM integration - Amazon Security Hub
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Disabling the flow of findings from a Security Hub CSPM integration

Choose your preferred method, and follow the steps to disable the flow of findings from an Amazon Security Hub Cloud Security Posture Management (CSPM) integration.

Security Hub CSPM console
To disable the flow of findings from an integration (console)

  1. Open the Amazon Security Hub Cloud Security Posture Management (CSPM) console at https://console.amazonaws.cn/securityhub/.

  2. In the Security Hub CSPM navigation pane, choose Integrations.

  3. For integrations that send findings, the Status information indicates whether Security Hub CSPM is currently accepting findings from that integration.

  4. Choose Stop accepting findings.

Security Hub CSPM API

Use the DisableImportFindingsForProduct operation. If you're using the Amazon CLI, run the disable-import-findings-for-product command. To disable the flow of findings from an integration, you need the subscription ARN for the enabled integration. To obtain the subscription ARN, use the ListEnabledProductsForImport operation. If you're using the Amazon CLI, run the list-enabled-products-for-import.

For example, the following Amazon CLI command disables the flow of findings to Security Hub CSPM from the CrowdStrike Falcon integration. This example is formatted for Linux, macOS, or Unix, and it uses the backslash (\) line-continuation character to improve readability.

$ aws securityhub disable-import-findings-for-product --product-subscription-arn "arn:aws-cn:securityhub:us-west-1:123456789012:product-subscription/crowdstrike/crowdstrike-falcon"