
Amazon Firewall Manager integration with Amazon Security Hub

This page explains how to use Firewall Manager and Security Hub together.

Amazon Firewall Manager creates findings for resources that are out of compliance and for attacks that it detects, and it sends them to Amazon Security Hub. For information about Security Hub findings, see Findings in Amazon Security Hub.

When you use Security Hub and Firewall Manager, Firewall Manager automatically sends your findings to Security Hub. For information about getting started with Security Hub, see Setting Up Amazon Security Hub in the Amazon Security Hub User Guide.

Note

Firewall Manager only updates findings for policies that are under its management and for resources that it's monitoring.

Firewall Manager doesn't resolve findings for the following:

  • Policies that have been deleted.

  • Resources that have been deleted.

  • Resources that have gone out of scope of the Firewall Manager policy, for example due to a tag change or a policy definition change.

How do I view my Firewall Manager findings?

To view your Firewall Manager findings in Security Hub, follow the guidance at Working with Findings in Security Hub and create a filter using the following settings:

  • Attribute set to Product Name.

  • Operator set to EQUALS.

  • Value set to Firewall Manager. This setting is case sensitive.
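
The same filter can be applied through the Security Hub `GetFindings` API. The following Python sketch is an added example, not code from the AWS documentation: it builds the filter described above and then flags active Firewall Manager findings whose resources no longer exist, which are the findings that the earlier note says Firewall Manager does not resolve. The `live_resource_ids` inventory, the function names, and the sample findings are assumptions constructed for illustration.

```python
# Added example. The filter mirrors the three console settings above.
FMS_FILTER = {
    "ProductName": [{"Value": "Firewall Manager", "Comparison": "EQUALS"}],
}

def fetch_fms_findings(region_name):
    """Page through GetFindings with FMS_FILTER (needs AWS credentials)."""
    import boto3  # imported lazily so the offline helpers below need no SDK
    client = boto3.client("securityhub", region_name=region_name)
    findings = []
    for page in client.get_paginator("get_findings").paginate(Filters=FMS_FILTER):
        findings.extend(page["Findings"])
    return findings

def is_fms_finding(finding):
    # Exact comparison: the product name value is case sensitive.
    return finding.get("ProductName") == "Firewall Manager"

def stale_candidates(findings, live_resource_ids):
    """IDs of open Firewall Manager findings whose resources are all gone.

    live_resource_ids is a hypothetical inventory of resource ARNs that the
    caller supplies; these findings need manual review.
    """
    stale = []
    for f in findings:
        if not is_fms_finding(f) or f.get("RecordState") != "ACTIVE":
            continue
        if f.get("Workflow", {}).get("Status") in ("RESOLVED", "SUPPRESSED"):
            continue
        ids = {r["Id"] for r in f.get("Resources", [])}
        if ids and ids.isdisjoint(live_resource_ids):
            stale.append(f["Id"])
    return stale

# Constructed sample data (a small subset of finding fields), not real findings.
_ALB = "arn:aws-cn:elasticloadbalancing:cn-north-1:111122223333:loadbalancer/app/"
LIVE = {_ALB + "live/1"}
SAMPLE = [
    {"Id": "finding-1", "ProductName": "Firewall Manager", "RecordState": "ACTIVE",
     "Workflow": {"Status": "NEW"}, "Resources": [{"Id": _ALB + "live/1"}]},
    {"Id": "finding-2", "ProductName": "Firewall Manager", "RecordState": "ACTIVE",
     "Workflow": {"Status": "NEW"}, "Resources": [{"Id": _ALB + "deleted/2"}]},
    {"Id": "finding-3", "ProductName": "firewall manager", "RecordState": "ACTIVE",
     "Workflow": {"Status": "NEW"}, "Resources": [{"Id": _ALB + "deleted/3"}]},
    {"Id": "finding-4", "ProductName": "Firewall Manager", "RecordState": "ARCHIVED",
     "Workflow": {"Status": "NEW"}, "Resources": [{"Id": _ALB + "deleted/4"}]},
]
```

Calling `stale_candidates(fetch_fms_findings(region), inventory)` against a real account requires permission to call `securityhub:GetFindings`.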

Can I disable this?

You can disable the integration of Amazon Firewall Manager findings with Security Hub through the Security Hub console. Choose Integrations in the navigation bar, then in the Firewall Manager pane, choose Disable Integration. For more information, see the Amazon Security Hub User Guide.