1.0.3
Zurich, Yokohama, Xanadu, Washington DC, Vancouver Patch 4
AWS Security Hub integration with Security Incident Response is a new SIEM integration. The AWS Security Hub integration enables SIR to ingest Security Hub findings and create corresponding security incidents.
Key features
- AWS Security Hub integration with Security Incident Response follows a bidirectional architecture. All updates in AWS Security Hub are synchronized with SIR work notes and vice versa.
- Discover AWS Security Hub findings that are candidates for security incidents and automate the creation of these security incidents.
- Map AWS Security Hub findings and entity fields to SIR security incident fields.
- Filter AWS Security Hub findings.
- Aggregate findings to existing open security incidents so that you don't have to create duplicate security incidents.
- Schedule findings ingestion to create security incidents periodically.
- Automate AWS Security Hub findings status updates for Security Incident Response so that you can create and close security incidents.
Fixed:
- Blank SIRs were being created due to gr.update in Process Raw Data.
Required roles for AWS Security Hub:
- AWSSecurityHubFullAccess
- AWSSecurityHubReadOnlyAccess
Required roles on the ServiceNow instance: sn_si.admin