---
title: AWS Security Hub CSPM
description: This integration uses the AWS Security Hub API to ingest misconfiguration findings which appear in Elastic’s native vulnerability workflows. This page...
url: https://www.elastic.co/elastic/docs-builder/docs/3016/solutions/security/integrations/aws-security-hub-cspm
products:
  - Elastic Cloud Serverless
  - Elastic Security
applies_to:
  - Serverless Security projects: Generally available
  - Elastic Stack: Generally available since 9.3
---

# AWS Security Hub CSPM
This integration uses the AWS Security Hub API to ingest misconfiguration findings which appear in Elastic’s native vulnerability workflows. This page explains how to make data from the AWS Security Hub CSPM integration appear in the following places within Elastic Security:
- **Findings page**: Data appears on the [Misconfigurations](https://www.elastic.co/elastic/docs-builder/docs/3016/solutions/security/cloud/findings-page) tab.
- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/elastic/docs-builder/docs/3016/solutions/security/detect-and-alert/view-detection-alert-details#insights-section).

In order for AWS Security Hub CSPM data to appear in these workflows:
- Follow the steps to [set up the AWS Security Hub CSPM integration](https://docs.elastic.co/en/integrations/aws/securityhub).
- Make sure the integration version is at least 2.31.1.
- Ensure you have `read` privileges for the `security_solution-*.misconfiguration_latest` index.
- While configuring the AWS Security Hub CSPM integration, turn on **Collect AWS Security Hub CSPM Findings from AWS**. We recommend you also set the **Initial Interval** value to `2160h` (equivalent to 90 days) to ingest existing logs.

<note>
  You can ingest data from the AWS Security Hub CSPM integration for other purposes without following these steps.
</note>