Sending Security Hub findings to a custom action

You can create AWS Security Hub custom actions to automate Security Hub with Amazon EventBridge. For custom actions, the event type is Security Hub Findings - Custom Action.

For more information and detailed steps on creating custom actions, see Using EventBridge for automated response and remediation.

After you set up a custom action, you can send findings to it.

To send findings to a custom action (console)

Open the AWS Security Hub console at https://console.aws.amazon.com/securityhub/.
To display a finding list, do one of the following:
- In the Security Hub navigation pane, choose Findings.
- In the Security Hub navigation pane, choose Insights. Choose an insight. Then on the results list, choose an insight result.
- In the Security Hub navigation pane, choose Integrations. Choose See findings for an integration.
- In the Security Hub navigation pane, choose Security standards. Choose View results to display a list of controls. Then choose the control name.
In the finding list, select the check box for each finding to send to the custom action.

You can send up to 20 findings at a time.
For Actions, choose the custom action.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Setting workflow status

Finding format