When you create a custom action in AWS Security Hub, you specify its name, description, and a unique
identifier.
A custom action specifies which actions to take when an EventBridge event matches an EventBridge rule. Security Hub sends each finding to
EventBridge as an event.
Choose your preferred method, and follow the steps to create a custom action.
- Console
-
To create a custom action in Security Hub (console)
Open the AWS Security Hub console at https://console.aws.amazon.com/securityhub/.
-
In the navigation pane, choose Settings and then
choose Custom actions.
-
Choose Create custom action.
-
Provide a Name, Description, and
Custom action ID for the action.
The Name must be fewer than 20 characters.
The Custom action ID must be unique for each AWS
account.
-
Choose Create custom action.
-
Make a note of the Custom action ARN. You need to use
the ARN when you create a rule to associate with this action in EventBridge.
- API
-
To create a custom action (API)
Use the CreateActionTarget operation. If you're using the AWS CLI, run the
create-action-target command.
The following example creates a custom action to send findings to a remediation tool. This example is formatted for Linux, macOS, or Unix,
and it uses the backslash (\) line-continuation character to improve
readability.
$
aws securityhub create-action-target --name "Send to remediation
" --description "Action to send the finding for remediation tracking
" --id "Remediation
"