Create a profile for AWS Security Hub finding integration

  • Release version: Xanadu
  • Updated September 29, 2024
  • Create an AWS Security Hub profile in your ServiceNow AI Platform instance to ingest data from AWS Security Hub and create corresponding security incidents in Security Incident Response Workspace.

    Before you begin

    Role required: admin

    About this task

    The integration enables you to create security incidents for different types of findings on the AWS Security Hub platform, such as unauthorized access attempts and malware. These incidents are created based on the profiles that you configure in the ServiceNow AI Platform instance. All incidents are initially created for a configured finding type in a profile. You can further filter the findings you have created to specify which findings create security incidents.

    All findings that meet the selection criteria in your AWS Security Hub tenant, and are available over the AWS Security Hub API, are initially ingested into your ServiceNow AI Platform instance.

    Procedure

    1. Navigate to All > AWS Security Hub Findings Integration > AWS Security Hub Findings Profile.
    2. Click New.
    3. On the form, fill in the fields.
      Table 1. AWS Security Hub - Findings Ingestion Configuration form

      | Field | Description |
      |---|---|
      | Name | Name for the profile. This name helps you to identify the profile type and is also the default name for the security tag that is associated with this profile. |
      | Active | Select to activate the profile. When the profile is active, the ServiceNow AI Platform actively ingests AWS Security Hub findings data and creates corresponding security incidents in SIR when the filtering conditions are matched. |
      | Source | The AWS Security Hub Integration tenant that you have configured to ingest findings. If you have multiple tenants configured, select the appropriate tenant for the finding types that you are planning to ingest for the profile. |
      | Order | Enter a value that indicates the order in which flows are executed when two or more profiles share triggering conditions. The flow with the lowest number has the highest priority. To set the order of operation, enter a value. For example, 100, 200, 300, 400. The default is 100. |
      | Description | Extra text to help you distinguish this profile from other profiles. |