1.1.0
Zurich, Yokohama, Xanadu, Washington DC, Vancouver Patch 4
AWS Security Hub integration with Security Incident Response is a new SIEM integration. The AWS Security Hub integration enables SIR to ingest Security Hub findings and create corresponding security incidents.
Key features
- AWS Security Hub integration with Security Incident Response follows a bidirectional architecture. All updates in AWS Security Hub are synchronized with SIR work notes and vice versa.
- Discover AWS Security Hub findings that are candidates for security incidents and automate the creation of these security incidents.
- Map AWS Security Hub findings and entity fields to SIR security incident fields.
- Filter AWS Security Hub findings.
- Aggregate findings to existing open security incidents so that you don't have to create duplicate security incidents.
- Schedule findings ingestion to create security incidents periodically.
- Automate AWS Security Hub findings status updates for Security Incident Response so that you can create and close security incidents.
New:
Upgraded all dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes. This ensures the server consistently enforces read-only behaviour across all UIs, scripts, and integrations.
Required roles for AWS Security Hub:
- AWSSecurityHubFullAccess
- AWSSecurityHubReadOnlyAccess
Required roles on the ServiceNow instance: sn_si.admin