How do I integrate AWS SecurityHub with Amazon EventBridge for custom alerting?
In this guide, we will integrate AWS SecurityHub with Amazon EventBridge to create custom alerting mechanisms. AWS SecurityHub provides a comprehensive view of your security alerts and compliance status, while EventBridge allows you to route these alerts to various targets for custom handling, such as invoking AWS Lambda functions, sending notifications, or triggering automated workflows.
Steps:
- Enable SecurityHub: Ensure that AWS SecurityHub is enabled in your AWS account.
- Create an EventBridge Rule: Define a rule in EventBridge to capture SecurityHub findings.
- Define Targets: Set up targets for the EventBridge rule, such as an SNS topic or a Lambda function.
Below is the Pulumi program to accomplish this:
import * as aws from "@pulumi/aws";

// Enable Security Hub in this account/region, with the default standards turned on
const securityHub = new aws.securityhub.Account("securityHub", {
    enableDefaultStandards: true,
});

// SNS topic that will receive the alerts
const snsTopic = new aws.sns.Topic("securityHubAlertsTopic");

// EventBridge rule that matches imported Security Hub findings. The pattern key
// is the hyphenated "detail-type"; a camel-cased "detailType" key would be a
// valid JSON pattern that never matches any event.
const eventRule = new aws.cloudwatch.EventRule("securityHubEventRule", {
    eventPattern: JSON.stringify({
        "source": ["aws.securityhub"],
        "detail-type": ["Security Hub Findings - Imported"],
    }),
});

// Route every event matched by the rule to the SNS topic
const eventTarget = new aws.cloudwatch.EventTarget("securityHubEventTarget", {
    rule: eventRule.name,
    arn: snsTopic.arn,
});

// Allow the EventBridge service principal to publish to the topic
const snsPolicy = new aws.sns.TopicPolicy("snsPolicy", {
    arn: snsTopic.arn,
    policy: snsTopic.arn.apply(arn => JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: { Service: "events.amazonaws.com" },
            Action: "sns:Publish",
            Resource: arn,
        }],
    })),
});

// Export the SNS topic ARN so other stacks or subscribers can use it
export const snsTopicArn = snsTopic.arn;
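As an added example that is not part of the original program: the rule above matches every imported finding, because its pattern filters only on source and detail-type, and a misspelled pattern key (for instance "detailType") simply matches nothing rather than failing. The TypeScript below builds a narrower pattern (severity label, workflow status, record state) and implements the subset of EventBridge exact-match semantics needed to check offline which finding events a pattern selects; the sample event and the `securityHubPattern`/`matchesPattern` helpers are constructed for this example.

```typescript
// Minimal EventBridge-style pattern matcher for checking Security Hub rule
// patterns offline. Exact-value matching only, which is all these patterns use
// (no prefix, numeric or exists filters).
type Json = string | number | boolean | null | Json[] | { [key: string]: Json };

// Pattern narrowed to findings a responder should actually be paged for:
// imported findings with a severity in `labels` that are still NEW and ACTIVE.
export function securityHubPattern(labels: string[]): Json {
  return {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {
      "findings": {
        "Severity": { "Label": labels },
        "Workflow": { "Status": ["NEW"] },
        "RecordState": ["ACTIVE"],
      },
    },
  };
}

// EventBridge exact-match semantics: a pattern array lists allowed values; a
// pattern object requires every listed key to be present and match; an event
// array matches when any element matches (this is how detail.findings[] is
// filtered even though the pattern is written as a single object).
export function matchesPattern(event: Json, pattern: Json): boolean {
  if (Array.isArray(pattern)) {
    const values = Array.isArray(event) ? event : [event];
    return values.some(v => pattern.includes(v));
  }
  if (pattern !== null && typeof pattern === "object") {
    const candidates = Array.isArray(event) ? event : [event];
    return candidates.some(c =>
      c !== null && typeof c === "object" && !Array.isArray(c) &&
      Object.entries(pattern).every(([k, sub]) => k in c && matchesPattern(c[k], sub)));
  }
  return false; // a bare scalar is not a valid EventBridge pattern
}

// Constructed sample event in the shape EventBridge delivers for Security Hub:
// one LOW and one HIGH finding in the same batch.
export const sampleEvent: Json = {
  "source": "aws.securityhub",
  "detail-type": "Security Hub Findings - Imported",
  "detail": { "findings": [
    { "Severity": { "Label": "LOW" }, "Workflow": { "Status": "NEW" }, "RecordState": "ACTIVE" },
    { "Severity": { "Label": "HIGH" }, "Workflow": { "Status": "NEW" }, "RecordState": "ACTIVE" },
  ] },
};
```

The same `detail` filter can be dropped into the `eventPattern` of the Pulumi rule above to cut the SNS traffic down to findings worth waking someone for.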
Key Points:
- SecurityHub: AWS service that provides a centralized view of security alerts.
- EventBridge: Service used to route events to various targets for custom processing.
- SNS Topic: Used as a target to send notifications when SecurityHub findings are captured.
Summary:
We have created a Pulumi program that integrates AWS SecurityHub with Amazon EventBridge to set up custom alerting. This setup involves enabling SecurityHub, creating an EventBridge rule to capture findings, and defining an SNS topic as the target for the alerts. This allows for automated and customizable handling of security alerts in your AWS environment.