Third-party product integrations with Security Hub - AWS Security Hub

Third-party product integrations with Security Hub

AWS Security Hub integrates with multiple third-party partner products. An integration may perform one or more of the following actions:

  • Send findings that it generates to Security Hub

  • Receive findings from Security Hub

  • Update findings in Security Hub

Integrations that send findings to Security Hub have an Amazon Resource Name (ARN).

Note

Integrations may not be available in all AWS Regions. If an integration isn't supported in the current Region, it doesn't appear on the Integrations page.

For a list of integrations that are available in the China Regions and AWS GovCloud (US), see Integrations that are supported in China (Beijing) and China (Ningxia) and Integrations that are supported in AWS GovCloud (US-East) and AWS GovCloud (US-West).

If you have a security solution and are interested in becoming a Security Hub partner, email . For more information, see the AWS Security Hub Partner Integration Guide.

Overview of third-party integrations with Security Hub

Here's an overview of the third party integrations that send findings to Security Hub or receive findings from Security Hub:

Integration Direction ARN (if applicable)

3CORESec – 3CORESec NTA

Sends findings

arn:aws:securityhub:<REGION>::product/3coresec/3coresec

Alert Logic – SIEMless Threat Management

Sends findings

arn:aws:securityhub:<REGION>:733251395267:product/alertlogic/althreatmanagement

Aqua Security – Aqua Cloud Native Security Platform

Sends findings

arn:aws:securityhub:<REGION>::product/aquasecurity/aquasecurity

Aqua Security – Kube-bench

Sends findings

arn:aws:securityhub:<REGION>::product/aqua-security/kube-bench

Armor – Armor Anywhere

Sends findings

arn:aws:securityhub:<REGION>:679703615338:product/armordefense/armoranywhere

AttackIQ – AttackIQ

Sends findings

arn:aws:securityhub:<REGION>::product/attackiq/attackiq-platform

Barracuda Networks – Cloud Security Guardian

Sends findings

arn:aws:securityhub:<REGION>:151784055945:product/barracuda/cloudsecurityguardian

BigID – BigID Enterprise

Sends findings

arn:aws:securityhub:<REGION>::product/bigid/bigid-enterprise

Blue Hexagon – Blue Hexagon forAWS

Sends findings

arn:aws:securityhub:<REGION>::product/blue-hexagon/blue-hexagon-for-aws

Check Point – CloudGuard IaaS

Sends findings

arn:aws:securityhub:<REGION>:758245563457:product/checkpoint/cloudguard-iaas

Check Point – CloudGuard Posture Management

Sends findings

arn:aws:securityhub:<REGION>:634729597623:product/checkpoint/dome9-arc

Claroty – xDome

Sends findings

arn:aws:securityhub:<REGION>::product/claroty/xdome

Cloud Storage Security – Antivirus for Amazon S3

Sends findings

arn:aws:securityhub:<REGION>::product/cloud-storage-security/antivirus-for-amazon-s3

Contrast Security

Sends findings

arn:aws:securityhub:<REGION>::product/contrast-security/security-assess

CrowdStrike – CrowdStrike Falcon

Sends findings

arn:aws:securityhub:<REGION>:517716713836:product/crowdstrike/crowdstrike-falcon

CyberArk – Privileged Threat Analytics

Sends findings

arn:aws:securityhub:<REGION>:749430749651:product/cyberark/cyberark-pta

Data Theorem – Data Theorem

Sends findings

arn:aws:securityhub:<REGION>::product/data-theorem/api-cloud-web-secure

Drata

Sends findings

arn:aws:securityhub:<REGION>::product/drata/drata-integration

Forcepoint – Forcepoint CASB

Sends findings

arn:aws:securityhub:<REGION>:365761988620:product/forcepoint/forcepoint-casb

Forcepoint – Forcepoint Cloud Security Gateway

Sends findings

arn:aws:securityhub:<REGION>::product/forcepoint/forcepoint-cloud-security-gateway

Forcepoint – Forcepoint DLP

Sends findings

arn:aws:securityhub:<REGION>:365761988620:product/forcepoint/forcepoint-dlp

Forcepoint – Forcepoint NGFW

Sends findings

arn:aws:securityhub:<REGION>:365761988620:product/forcepoint/forcepoint-ngfw

Fugue – Fugue

Sends findings

arn:aws:securityhub:<REGION>::product/fugue/fugue

Guardicore – Centra 4.0

Sends findings

arn:aws:securityhub:<REGION>::product/guardicore/guardicore

HackerOne – Vulnerability Intelligence

Sends findings

arn:aws:securityhub:<REGION>::product/hackerone/vulnerability-intelligence

JFrog – Xray

Sends findings

arn:aws:securityhub:<REGION>::product/jfrog/jfrog-xray

Juniper Networks – vSRX Next Generation Firewall

Sends findings

arn:aws:securityhub:<REGION>::product/juniper-networks/vsrx-next-generation-firewall

k9 Security – Access Analyzer

Sends findings

arn:aws:securityhub:<REGION>::product/k9-security/access-analyzer

Lacework – Lacework

Sends findings

arn:aws:securityhub:<REGION>::product/lacework/lacework

McAfee – MVISION Cloud Native Application Protection Platform (CNAPP)

Sends findings

arn:aws:securityhub:<REGION>::product/mcafee-skyhigh/mcafee-mvision-cloud-aws

NETSCOUT – NETSCOUT Cyber Investigator

Sends findings

arn:aws:securityhub:us-east-1::product/netscout/netscout-cyber-investigator

Palo Alto Networks – Prisma Cloud Compute

Sends findings

arn:aws:securityhub:<REGION>:496947949261:product/twistlock/twistlock-enterprise

Palo Alto Networks – Prisma Cloud Enterprise

Sends findings

arn:aws:securityhub:<REGION>:188619942792:product/paloaltonetworks/redlock

Plerion – Cloud Security Platform

Sends findings

arn:aws:securityhub:<REGION>::product/plerion/cloud-security-platform

Prowler – Prowler

Sends findings

arn:aws:securityhub:<REGION>::product/prowler/prowler

Qualys – Vulnerability Management

Sends findings

arn:aws:securityhub:<REGION>:805950163170:product/qualys/qualys-vm

Rapid7 – InsightVM

Sends findings

arn:aws:securityhub:<REGION>:336818582268:product/rapid7/insightvm

SecureCloudDB – SecureCloudDB

Sends findings

arn:aws:securityhub:<REGION>::product/secureclouddb/secureclouddb

SentinelOne – SentinelOne

Sends findings

arn:aws:securityhub:<REGION>::product/sentinelone/endpoint-protection

Snyk

Sends findings

arn:aws:securityhub:<region>::product/snyk/snyk

Sonrai Security – Sonrai Dig

Sends findings

arn:aws:securityhub:<REGION>::product/sonrai-security/sonrai-dig

Sophos – Server Protection

Sends findings

arn:aws:securityhub:<REGION>:062897671886:product/sophos/sophos-server-protection

StackRox – StackRox Kubernetes Security

Sends findings

arn:aws:securityhub:<REGION>::product/stackrox/kubernetes-security

Sumo Logic – Machine Data Analytics

Sends findings

arn:aws:securityhub:<REGION>:956882708938:product/sumologicinc/sumologic-mda

Symantec – Cloud Workload Protection

Sends findings

arn:aws:securityhub:<REGION>:754237914691:product/symantec-corp/symantec-cwp

Tenable – Tenable.io

Sends findings

arn:aws:securityhub:<REGION>:422820575223:product/tenable/tenable-io

Trend Micro – Cloud One

Sends findings

arn:aws:securityhub:<REGION>::product/trend-micro/cloud-one

Vectra – Cognito Detect

Sends findings

arn:aws:securityhub:<REGION>:978576646331:product/vectra-ai/cognito-detect

Wiz

Sends findings

arn:aws:securityhub:<REGION>::product/wiz-security/wiz-security

Atlassian - Jira Service Management

Receives and updates findings

Not applicable

Atlassian - Jira Service Management Cloud

Receives and updates findings

Not applicable

Atlassian – Opsgenie

Receives findings

Not applicable

Fortinet – FortiCNP

Receives findings

Not applicable

IBM – QRadar

Receives findings

Not applicable

Logz.io Cloud SIEM

Receives findings

Not applicable

MetricStream

Receives findings

Not applicable

MicroFocus – MicroFocus Arcsight

Receives findings

Not applicable

New Relic Vulnerability Management

Receives findings

Not applicable

PagerDuty – PagerDuty

Receives findings

Not applicable

Palo Alto Networks – Cortex XSOAR

Receives findings

Not applicable

Palo Alto Networks – VM-Series

Receives findings

Not applicable

Rackspace Technology – Cloud Native Security

Receives findings

Not applicable

Rapid7 – InsightConnect

Receives findings

Not applicable

RSA – RSA Archer

Receives findings

Not applicable

ServiceNow – ITSM

Receives and updates findings

Not applicable

Slack – Slack

Receives findings

Not applicable

Splunk – Splunk Enterprise

Receives findings

Not applicable

Splunk – Splunk Phantom

Receives findings

Not applicable

ThreatModeler

Receives findings

Not applicable

Trellix – Trellix Helix

Receives findings

Not applicable

Caveonix – Caveonix Cloud

Sends and receives findings

arn:aws:securityhub:<REGION>::product/caveonix/caveonix-cloud

Cloud Custodian – Cloud Custodian

Sends and receives findings

arn:aws:securityhub:<REGION>::product/cloud-custodian/cloud-custodian

DisruptOps, Inc. – DisruptOPS

Sends and receives findings

arn:aws:securityhub:<REGION>::product/disruptops-inc/disruptops

Kion

Sends and receives findings

arn:aws:securityhub:<REGION>::product/cloudtamerio/cloudtamerio

Turbot – Turbot

Sends and receives findings

arn:aws:securityhub:<REGION>:453761072151:product/turbot/turbot

Third-party integrations that send findings to Security Hub

The following third party partner product integrations send findings to Security Hub. Security Hub transforms the findings into the AWS Security Finding Format.

3CORESec – 3CORESec NTA

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/3coresec/3coresec

3CORESec provides managed detection services for both on-premises and AWS systems. Their integration with Security Hub allows visibility into threats such as malware, privilege escalation, lateral movement, and improper network segmentation.

Product link

Partner documentation

Alert Logic – SIEMless Threat Management

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:733251395267:product/alertlogic/althreatmanagement

Get the right level of coverage: vulnerability and asset visibility, threat detection and incident management, AWS WAF, and assigned SOC analyst options.

Product link

Partner documentation

Aqua Security – Aqua Cloud Native Security Platform

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/aquasecurity/aquasecurity

Aqua Cloud Native Security Platform (CSP) provides full lifecycle security for container-based and serverless applications, from your CI/CD pipeline to runtime production environments.

Product link

Partner documentation

Aqua Security – Kube-bench

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/aqua-security/kube-bench

Kube-bench is an open-source tool that runs the Center for Internet Security (CIS) Kubernetes Benchmark against your environment.

Product link

Partner documentation

Armor – Armor Anywhere

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:679703615338:product/armordefense/armoranywhere

Armor Anywhere delivers managed security and compliance for AWS.

Product link

Partner documentation

AttackIQ – AttackIQ

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/attackiq/attackiq-platform

AttackIQ Platform emulates real adversarial behavior aligned with the MITRE ATT&CK Framework to help validate and improve your overall security posture.

Product link

Partner documentation

Barracuda Networks – Cloud Security Guardian

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:151784055945:product/barracuda/cloudsecurityguardian

Barracuda Cloud Security Sentry helps organizations stay secure while building applications in, and moving workloads to, the public cloud.

AWS Marketplace link

Product link

BigID – BigID Enterprise

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/bigid/bigid-enterprise

The BigID Enterprise Privacy Management Platform helps companies manage and protect sensitive data (PII) across all their systems.

Product link

Partner documentation

Blue Hexagon – Blue Hexagon for AWS

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/blue-hexagon/blue-hexagon-for-aws

Blue Hexagon is a real time threat detection platform. It uses deep learning principles to detect known and unknown threats, including malware and network anomalies.

AWS Marketplace link

Partner documentation

Check Point – CloudGuard IaaS

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:758245563457:product/checkpoint/cloudguard-iaas

Check Point CloudGuard easily extends comprehensive threat prevention security to AWS while protecting assets in the cloud.

Product link

Partner documentation

Check Point – CloudGuard Posture Management

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:634729597623:product/checkpoint/dome9-arc

A SaaS platform that delivers verifiable cloud network security, advanced IAM protection, and comprehensive compliance and governance.

Product link

Partner documentation

Claroty – xDome

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/claroty/xdome

Claroty xDome helps organizations secure their cyber-physical systems across the Extended Internet of Things (XIoT) within industrial (OT), healthcare (IoMT), and enterprise (IoT) environments.

Product link

Partner documentation

Cloud Storage Security – Antivirus for Amazon S3

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/cloud-storage-security/antivirus-for-amazon-s3

Cloud Storage Security provides cloud native anti-malware and antivirus scanning for Amazon S3 objects.

Antivirus for Amazon S3 offers real time and scheduled scans of objects and files in Amazon S3 for malware and threats. It provides visibility and remediation for problem and infected files.

Product link

Partner documentation

Contrast Security – Contrast Assess

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/contrast-security/security-assess

Contrast Security Contrast Assess is an IAST tool that offers real-time vulnerability detection in web apps, APIs, and microservices. Contrast Assess integrates with Security Hub to help provide centralized visibility and response for all your workloads.

Product link

Partner documentation

CrowdStrike – CrowdStrike Falcon

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:517716713836:product/crowdstrike/crowdstrike-falcon

The CrowdStrike Falcon single, lightweight sensor unifies next-generation antivirus, endpoint detection and response, and 24/7 managed hunting through the cloud.

AWS Marketplace link

Partner documentation

CyberArk – Privileged Threat Analytics

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:749430749651:product/cyberark/cyberark-pta

Privileged Threat Analytics collect, detect, alert, and respond to high-risk activity and behavior of privileged accounts to contain in-progress attacks.

Product link

Partner documentation

Data Theorem – Data Theorem

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/data-theorem/api-cloud-web-secure

Data Theorem continuously scans web applications, APIs, and cloud resources in search of security flaws and data privacy gaps to prevent AppSec data breaches.

Product link

Partner documentation

Drata

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/drata/drata-integration

Drata is a compliance automation platform that helps you achieve and maintain compliance with various frameworks, such as SOC2, ISO, and GDPR. The integration between Drata and Security Hub helps you centralize your security findings in one location.

AWS Marketplace link

Partner documentation

Forcepoint – Forcepoint CASB

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:365761988620:product/forcepoint/forcepoint-casb

Forcepoint CASB allows you to discover cloud application use, analyze risk, and enforce appropriate controls for SaaS and custom applications.

Product link

Partner documentation

Forcepoint – Forcepoint Cloud Security Gateway

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/forcepoint/forcepoint-cloud-security-gateway

Forcepoint Cloud Security Gateway is a converged cloud security service that provides visibility, control, and threat protection for users and data, wherever they are.

Product link

Partner documentation

Forcepoint – Forcepoint DLP

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:365761988620:product/forcepoint/forcepoint-dlp

Forcepoint DLP addresses human-centric risk with visibility and control everywhere your people work and everywhere your data resides.

Product link

Partner documentation

Forcepoint – Forcepoint NGFW

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:365761988620:product/forcepoint/forcepoint-ngfw

Forcepoint NGFW lets you connect your AWS environment into your enterprise network with the scalability, protection, and insights needed to manage your network and respond to threats.

Product link

Partner documentation

Fugue – Fugue

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/fugue/fugue

Fugue is an agent-less, scalable cloud-native platform that automates the continuous validation of infrastructure-as-code and cloud runtime environments using the same policies.

Product link

Partner documentation

Guardicore – Centra 4.0

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/guardicore/guardicore

Guardicore Centra provides flow visualization, micro-segmentation, and breach detection for workloads in modern data centers and clouds.

Product link

Partner documentation

HackerOne – Vulnerability Intelligence

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/hackerone/vulnerability-intelligence

The HackerOne platform partners with the global hacker community to uncover the most relevant security issues. Vulnerability Intelligence enables your organization to go beyond automated scanning. It shares vulnerabilities that HackerOne ethical hackers have validated and provided steps to reproduce.

AWS marketplace link

Partner documentation

JFrog – Xray

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/jfrog/jfrog-xray

JFrog Xray is a universal application security Software Composition Analysis (SCA) tool that continuously scans binaries for license compliance and security vulnerabilities so that you can run a secure software supply chain.

AWS Marketplace link

Partner documentation

Juniper Networks – vSRX Next Generation Firewall

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/juniper-networks/vsrx-next-generation-firewall

Juniper Networks' vSRX Virtual Next Generation Firewall delivers a complete cloud-based virtual firewall with advanced security, secure SD-WAN, robust networking, and built-in automation.

AWS Marketplace link

Partner documentation

Product link

k9 Security – Access Analyzer

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/k9-security/access-analyzer

k9 Security notifies you when important access changes occur in your AWS Identity and Access Management account. With k9 Security, you can understand the access that users and IAM roles have to critical AWS services and your data.

k9 Security is built for continuous delivery, allowing you to operationalize IAM with actionable access audits and simple policy automation for AWS CDK and Terraform.

Product link

Partner documentation

Lacework – Lacework

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/lacework/lacework

Lacework is the data-driven security platform for the cloud. The Lacework Cloud Security Platform automates cloud security at scale so you can innovate with speed and safety.

Product link

Partner documentation

McAfee – MVISION Cloud Native Application Protection Platform (CNAPP)

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/mcafee-skyhigh/mcafee-mvision-cloud-aws

McAfee MVISION Cloud Native Application Protection Platform (CNAPP) offers Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for your AWS environment.

Product link

Partner documentation

NETSCOUT – NETSCOUT Cyber Investigator

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/netscout/netscout-cyber-investigator

NETSCOUT Cyber Investigator is an enterprise-wide network threat, risk investigation, and forensic analysis platform that helps to reduce the impact of cyber threats on businesses.

Product link

Partner documentation

Palo Alto Networks – Prisma Cloud Compute

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:496947949261:product/twistlock/twistlock-enterprise

Prisma Cloud Compute is a cloud native cybersecurity platform that protects VMs, containers, and serverless platforms.

Product link

Partner documentation

Palo Alto Networks – Prisma Cloud Enterprise

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:188619942792:product/paloaltonetworks/redlock

Protects your AWS deployment with cloud security analytics, advanced threat detection, and compliance monitoring.

Product link

Partner documentation

Plerion – Cloud Security Platform

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/plerion/cloud-security-platform

Plerion is a Cloud Security Platform with a unique threat-led, risk-driven approach that offers preventative, detective, and corrective action across your workloads. The integration between Plerion and Security Hub allows customers to centralize and act upon their security findings in one place.

AWS Marketplace link

Partner documentation

Prowler – Prowler

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/prowler/prowler

Prowler is an open source security tool to perform AWS checks related to security best practices, hardening, and continuous monitoring.

Product link

Partner documentation

Qualys – Vulnerability Management

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:805950163170:product/qualys/qualys-vm

Qualys Vulnerability Management (VM) continuously scans and identifies vulnerabilities, protecting your assets.

Product link

Partner documentation

Rapid7 – InsightVM

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:336818582268:product/rapid7/insightvm

Rapid7 InsightVM provides vulnerability management for modern environments, allowing you to efficiently find, prioritize, and remediate vulnerabilities.

Product link

Partner documentation

SecureCloudDB – SecureCloudDB

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/secureclouddb/secureclouddb

SecureCloudDB is a cloud native database security tool that provides comprehensive visibility of internal and external security postures and activity. It flags security violations and provides remediation on exploitable database vulnerabilities.

Product link

Partner documentation

SentinelOne – SentinelOne

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/sentinelone/endpoint-protection

SentinelOne is an autonomous extended detection and response (XDR) platform encompassing AI-powered prevention, detection, response, and hunting across endpoints, containers, cloud workloads, and IoT devices.

AWS Marketplace link

Product link

Snyk

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/snyk/snyk

Snyk provides a security platform that scans app components for security risks in workloads running on AWS. These risks are sent to Security Hub as findings, helping developers and security teams visualize and prioritize them along with the rest of their AWS security findings.

AWS Marketplace link

Partner documentation

Sonrai Security – Sonrai Dig

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/sonrai-security/sonrai-dig

Sonrai Dig monitors and remediates cloud misconfigurations and policy violations, so you can improve your security and compliance posture.

Product link

Partner documentation

Sophos – Server Protection

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:062897671886:product/sophos/sophos-server-protection

Sophos Server Protection defends the critical applications and data at the core of your organization, using comprehensive defense-in-depth techniques.

Product link

StackRox – StackRox Kubernetes Security

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/stackrox/kubernetes-security

StackRox helps enterprises secure their container and Kubernetes deployments at scale by enforcing their compliance and security policies across the entire container life cycle – build, deploy, and run.

Product link

Partner documentation

Sumo Logic – Machine Data Analytics

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:956882708938:product/sumologicinc/sumologic-mda

Sumo Logic is a secure, machine data analytics platform that enables development and security operations teams to build, run, and secure their AWS applications.

Product link

Partner documentation

Symantec – Cloud Workload Protection

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:754237914691:product/symantec-corp/symantec-cwp

Cloud Workload Protection provides complete protection for your Amazon EC2 instances with antimalware, intrusion prevention, and file integrity monitoring.

Product link

Partner documentation

Tenable – Tenable.io

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:422820575223:product/tenable/tenable-io

Accurately identify, investigate, and prioritize vulnerabilities. Managed in the cloud.

Product link

Partner documentation

Trend Micro – Cloud One

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/trend-micro/cloud-one

Trend Micro Cloud One provides the right security information to teams at the right time and place. This integration sends security findings to Security Hub in real time, enhancing visibility into your AWS resources and Trend Micro Cloud One event details in Security Hub.

AWS Marketplace link

Partner documentation

Vectra – Cognito Detect

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>:978576646331:product/vectra-ai/cognito-detect

Vectra is transforming cybersecurity by applying advanced AI to detect and respond to hidden cyberattackers before they can steal or cause damage.

AWS Marketplace link

Partner documentation

Wiz – Wiz Security

Integration type: Send

Product ARN: arn:aws:securityhub:<REGION>::product/wiz-security/wiz-security

Wiz continuously analyzes configurations, vulnerabilities, networks, IAM settings, secrets, and more across your AWS accounts, users, and workloads to discover critical issues that represent actual risk. Integrate Wiz with Security Hub to visualize and respond to issues that Wiz detects from the Security Hub console.

AWS Marketplace link

Partner documentation

Third-party integrations that receive findings from Security Hub

The following third party partner product integrations receive findings from Security Hub. Where noted, the products may also update findings. In this case, finding updates that you make in the partner product will also be reflected in Security Hub.

Atlassian - Jira Service Management

Integration type: Receive and update

The AWS Service Management Connector for Jira sends findings from Security Hub to Jira. Jira issues are created based on the findings. When the Jira issues are updated, the corresponding findings are updated in Security Hub.

The integration only supports Jira Server and Jira Data Center.

For an overview of the integration and how it works, watch the video AWS Security Hub – Bidirectional integration with Atlassian Jira Service Management.

Product link

Partner documentation

Atlassian - Jira Service Management Cloud

Integration type: Receive and update

Jira Service Management Cloud is the cloud component of Jira Service Management.

The AWS Service Management Connector for Jira sends findings from Security Hub to Jira. The findings trigger the creation of issues in Jira Service Management Cloud. When you update those issues in Jira Service Management Cloud, the corresponding findings are also updated in Security Hub.

Product link

Partner documentation

Atlassian – Opsgenie

Integration type: Receive

Opsgenie is a modern incident management solution for operating always-on services, empowering development and operations teams to plan for service disruptions and stay in control during incidents.

Integrating with Security Hub ensures that mission critical security-related incidents are routed to the appropriate teams for immediate resolution.

Product link

Partner documentation

Fortinet – FortiCNP

Integration type: Receive

FortiCNP is a Cloud Native Protection product that aggregates security findings into actionable insights and prioritizes security insights based on risk score to reduce alert fatigue and accelerate remediation.

AWS Marketplace link

Partner documentation

IBM – QRadar

Integration type: Receive

IBM QRadar SIEM provides security teams with the ability to quickly and accurately detect, prioritize, investigate, and respond to threats.

Product link

Partner documentation

Logz.io Cloud SIEM

Integration type: Receive

Logz.io is a provider of Cloud SIEM that provides advanced correlation of log and event data to help security teams to detect, analyze, and respond to security threats in real time.

Product link

Partner documentation

MetricStream – CyberGRC

Integration type: Receive

MetricStream CyberGRC helps you manage, measure, and mitigate cybersecurity risks. By receiving Security Hub findings, CyberGRC provides more visibility into these risks, so you can prioritize cybersecurity investments and comply with IT policies.

AWS Marketplace link

Product link

MicroFocus – MicroFocus Arcsight

Integration type: Receive

ArcSight accelerates effective threat detection and response in real time, integrating event correlation and supervised and unsupervised analytics with response automation and orchestration.

Product link

Partner documentation

New Relic Vulnerability Management

Integration type: Receive

New Relic Vulnerability Management receives security findings from Security Hub, so you can get a centralized view of security alongside performance telemetry in context across your stack.

AWS Marketplace link

Partner documentation

PagerDuty – PagerDuty

Integration type: Receive

The PagerDuty digital operations management platform empowers teams to proactively mitigate customer-impacting issues by automatically turning any signal into the right insight and action.

AWS users can use the PagerDuty set of AWS integrations to scale their AWS and hybrid environments with confidence.

When coupled with Security Hub aggregated and organized security alerts, PagerDuty allows teams to automate their threat response process and quickly set up custom actions to prevent potential issues.

PagerDuty users who are undertaking a cloud migration project can move quickly, while decreasing the impact of issues that occur throughout the migration lifecycle.

Product link

Partner documentation

Palo Alto Networks – Cortex XSOAR

Integration type: Receive

Cortex XSOAR is a Security Orchestration, Automation, and Response (SOAR) platform that integrates with your entire security product stack to accelerate incident response and security operations.

Product link

Partner documentation

Palo Alto Networks – VM-Series

Integration type: Receive

Palo Alto VM-Series integration with Security Hub collects threat intelligence and sends it to the VM-Series next-generation firewall as an automatic security policy update that blocks malicious IP address activity.

Product link

Partner documentation

Rackspace Technology – Cloud Native Security

Integration type: Receive

Rackspace Technology provides managed security services on top of native AWS security products for 24x7x365 monitoring by Rackspace SOC, advanced analysis, and threat remediation.

Product link

Rapid7 – InsightConnect

Integration type: Receive

Rapid7 InsightConnect is a security orchestration and automation solution that enables your team to optimize SOC operations with little to no code.

Product link

Partner documentation

RSA – RSA Archer

Integration type: Receive

RSA Archer IT and Security Risk Management allows you to determine which assets are critical to your business, establish and communicate security policies and standards, detect and respond to attacks, identify and remediate security deficiencies, and establish clear IT risk management best practices.

Product link

Partner documentation

ServiceNow – ITSM

Integration type: Receive and update

The ServiceNow integration with Security Hub allows security findings from Security Hub to be viewed within ServiceNow ITSM. You can also configure ServiceNow to automatically create an incident or problem when it receives a finding from Security Hub.

Any updates to these incidents and problems result in updates to the findings in Security Hub.

For an overview of the integration and how it works, watch the video AWS Security Hub - Bidirectional integration with ServiceNow ITSM.

Product link

Partner documentation

Slack – Slack

Integration type: Receive

Slack is a layer of the business technology stack that brings together people, data, and applications. It is a single place where people can effectively work together, find important information, and access hundreds of thousands of critical applications and services to do their best work.

Product link

Partner documentation

Splunk – Splunk Enterprise

Integration type: Receive

Splunk uses Amazon CloudWatch Events as a consumer of Security Hub findings. Send your data to Splunk for advanced security analytics and SIEM.

Product link

Partner documentation

Splunk – Splunk Phantom

Integration type: Receive

With the Splunk Phantom application for AWS Security Hub, findings are sent to Phantom for automated context enrichment with additional threat intelligence information or to perform automated response actions.

Product link

Partner documentation

ThreatModeler

Integration type: Receive

ThreatModeler is an automated threat modeling solution that secures and scales the enterprise software and cloud development life cycle.

Product link

Partner documentation

Trellix – Trellix Helix

Integration type: Receive

Trellix Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix.

Product link

Partner documentation

Third-party integrations that send findings to and receive findings from Security Hub

The following third party partner product integrations send findings to and receive findings from Security Hub.

Caveonix – Caveonix Cloud

Integration type: Send and receive

Product ARN: arn:aws:securityhub:<REGION>::product/caveonix/caveonix-cloud

The Caveonix AI-powered platform automates visibility, assessment, and mitigation in hybrid clouds, covering cloud-native services, VMs, and containers. Integrated with AWS Security Hub, Caveonix merges AWS data and advanced analytics for insights into security alerts and compliance.

AWS Marketplace link

Partner documentation

Cloud Custodian – Cloud Custodian

Integration type: Send and receive

Product ARN: arn:aws:securityhub:<REGION>::product/cloud-custodian/cloud-custodian

Cloud Custodian enables users to be well managed in the cloud. The simple YAML DSL allows easily defined rules to enable a well-managed cloud infrastructure that's both secure and cost optimized.

Product link

Partner documentation

DisruptOps, Inc. – DisruptOPS

Integration type: Send and receive

Product ARN: arn:aws:securityhub:<REGION>::product/disruptops-inc/disruptops

The DisruptOps Security Operations Platform helps organizations maintain best security practices in your cloud through the use of automated guardrails.

Product link

Partner documentation

Kion

Integration type: Send and receive

Product ARN: arn:aws:securityhub:<REGION>::product/cloudtamerio/cloudtamerio

Kion (formerly cloudtamer.io) is a complete cloud governance solution for AWS. Kion gives stakeholders visibility into cloud operations and helps cloud users manage accounts, control budget and cost, and ensure continuous compliance.

Product link

Partner documentation

Turbot – Turbot

Integration type: Send and receive

Product ARN: arn:aws:securityhub:<REGION>::product/turbot/turbot

Turbot ensures that your cloud infrastructure is secure, compliant, scalable, and cost optimized.

Product link

Partner documentation