1.0.2
Yokohama, Xanadu, Washington DC, Vancouver Patch 4
AWS Security Hub integration with Security Incident Response is a new SIEM integration. The AWS Security Hub integration enables SIR to ingest Security Hub findings and create corresponding security incidents.
Key features
- AWS Security Hub integration with Security Incident Response follows a bidirectional architecture. All updates in AWS Security Hub are synchronized with SIR work notes and vice versa.
- Discover AWS Security Hub findings that are candidates for security incidents and automate the creation of these security incidents.
- Map AWS Security Hub findings and entity fields to SIR security incident fields.
- Filter AWS Security Hub findings.
- Aggregate findings to existing open security incidents so that you don't have to create duplicate security incidents.
- Schedule findings ingestion to create security incidents periodically.
- Automate AWS Security Hub findings status updates for Security Incident Response so that you can create and close security incidents.
Fixed:
Version 1.0.2 of "Security Incident Response integration with AWS SecurityHub" includes a defect fix.
Required roles for AWS Security Hub:
- AWSSecurityHubFullAccess
- AWSSecurityHubReadOnlyAccess
Required roles on ServiceNow instance: sn_si.admin