Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Editing automation rules

PDF
RSS
Focus mode
Editing automation rules - AWS Security Hub

An automation rule can be used to automatically update findings in AWS Security Hub. For background information about how automation rules work, see Understanding automation rules in Security Hub.

After creating an automation rule, the delegated Security Hub administrator can edit the rule. When you edit an automation rule, the changes apply to new and updated findings that Security Hub generates or ingests after the rule edit.

Choose your preferred method, and follow the steps to edit the contents of an automation rule. You can edit one or more rules with a single request. For instructions on editing rule order, see Editing automation rule order.

Console
To edit automation rules (console)

  1. Using the credentials of the Security Hub administrator, open the AWS Security Hub console at https://console.aws.amazon.com/securityhub/.

  2. In the navigation pane, choose Automations.

  3. Select the rule that you want to edit. Choose Action and Edit.

  4. Change the rule as desired, and choose Save changes.

API
To edit automation rules (API)

  1. Run BatchUpdateAutomationRules from the Security Hub administrator account.

  2. For the RuleArn parameter, provide the ARN of the rule(s) that you want to edit.

  3. Provide the new values for the parameters that you want to edit. You can edit any parameter except RuleArn.

The following example updates the specified automation rule. This example is formatted for Linux, macOS, or Unix, and it uses the backslash (\) line-continuation character to improve readability.

$ aws securityhub batch-update-automation-rules \
--update-automation-rules-request-items '[
    {
      "Actions": [{
        "Type": "FINDING_FIELDS_UPDATE",
        "FindingFieldsUpdate": {
          "Note": {
            "Text": "Known issue that is a risk",
            "UpdatedBy": "sechub-automation"
          },
          "Workflow": {
            "Status": "NEW"
          }
        }
      }],
      "Criteria": {
        "SeverityLabel": [{
         "Value": "LOW",
         "Comparison": "EQUALS"
        }]
      },
      "RuleArn": "arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
      "RuleOrder": 14,
      "RuleStatus": "DISABLED",
    }
  ]' \
--region us-east-1
anchoranchor
To edit automation rules (console)

  1. Using the credentials of the Security Hub administrator, open the AWS Security Hub console at https://console.aws.amazon.com/securityhub/.

  2. In the navigation pane, choose Automations.

  3. Select the rule that you want to edit. Choose Action and Edit.

  4. Change the rule as desired, and choose Save changes.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.