Amazon Firewall Manager integration with Amazon Security Hub
This page explains how to use Firewall Manager and Security Hub together.
Amazon Firewall Manager creates findings for resources that are out of compliance and for attacks that it detects, and it sends them to Amazon Security Hub. For information about Security Hub findings, see Findings in Amazon Security Hub.
When you use Security Hub and Firewall Manager, Firewall Manager automatically sends your findings to Security Hub. For information about getting started with Security Hub, see Setting Up Amazon Security Hub in the Amazon Security Hub User Guide.
Note
Firewall Manager only updates findings for policies that are under its management and for resources that it's monitoring.
Firewall Manager doesn't resolve findings for the following:
- Policies that have been deleted.
- Resources that have been deleted.
- Resources that have gone out of scope of the Firewall Manager policy, for example due to a tag change or a policy definition change.
How do I view my Firewall Manager findings?
To view your Firewall Manager findings in Security Hub, follow the guidance at Working with Findings in Security Hub and create a filter using the following settings:
- Attribute set to Product Name.
- Operator set to EQUALS.
- Value set to Firewall Manager. This setting is case sensitive.
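The same filter expressed for the Security Hub GetFindings API, as an added example that is not part of the original page. It also lists findings that have not been updated recently, which are the ones to review by hand given the note above about findings Firewall Manager does not resolve. `StubClient`, `SAMPLE`, and the 30-day threshold are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

PRODUCT_NAME = "Firewall Manager"  # value from the page; the match is case sensitive

def product_filter(value=PRODUCT_NAME):
    """GetFindings filter equivalent to the console filter: Product Name EQUALS value."""
    return {"ProductName": [{"Value": value, "Comparison": "EQUALS"}]}

def fetch_findings(client, filters):
    """Page through GetFindings; `client` is a boto3 'securityhub' client or the stub."""
    pages = client.get_paginator("get_findings").paginate(Filters=filters)
    return [finding for page in pages for finding in page["Findings"]]

def stale_candidates(findings, now, max_age_days=30):
    """Return (finding Id, resource Ids) for findings not updated within max_age_days.
    The 30-day default is an assumption of this example, not a Firewall Manager setting."""
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for f in findings:
        updated = datetime.fromisoformat(f["UpdatedAt"].replace("Z", "+00:00"))
        if updated < cutoff:
            stale.append((f["Id"], [r["Id"] for r in f["Resources"]]))
    return stale

class StubClient:
    """Offline stand-in for boto3.client('securityhub') over constructed findings."""
    def __init__(self, findings):
        self.findings = findings
    def get_paginator(self, operation):
        return self
    def paginate(self, Filters):
        wanted = Filters["ProductName"][0]["Value"]  # exact, case-sensitive compare
        yield {"Findings": [f for f in self.findings if f["ProductName"] == wanted]}

# Constructed sample findings (only the ASFF fields this example reads).
SAMPLE = [
    {"Id": "fms-old", "ProductName": "Firewall Manager",
     "UpdatedAt": "2024-01-10T08:00:00.000Z", "Resources": [{"Id": "sg-constructed-1"}]},
    {"Id": "fms-new", "ProductName": "Firewall Manager",
     "UpdatedAt": "2024-05-30T08:00:00.000Z", "Resources": [{"Id": "sg-constructed-2"}]},
    {"Id": "other", "ProductName": "GuardDuty",
     "UpdatedAt": "2024-01-10T08:00:00.000Z", "Resources": [{"Id": "i-constructed-3"}]},
]

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    found = fetch_findings(StubClient(SAMPLE), product_filter())
    print(stale_candidates(found, now))
```

To run it against an account, pass `boto3.client("securityhub")` in place of `StubClient(SAMPLE)`.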
Can I disable this?
You can disable the integration of Amazon Firewall Manager findings with Security Hub through the Security Hub console. Choose Integrations in the navigation bar, then in the Firewall Manager pane, choose Disable Integration. For more information, see the Amazon Security Hub User Guide.
Amazon Firewall Manager finding types
- Amazon WAF policy Firewall Manager findings
- Amazon Shield Advanced policy Firewall Manager findings
- Security group common policy Firewall Manager findings
- Security group content audit policy Firewall Manager findings
- Security group usage audit policy Firewall Manager findings
- Amazon Route 53 Resolver DNS Firewall policy Firewall Manager findings