AWS Security Hub
This integration uses the AWS Security Hub API to ingest vulnerability findings which appear in Elastic’s native vulnerability workflows. This page explains how to make data from the AWS Security Hub integration appear in the following places within Elastic Security:
- Findings page: Data appears on the Vulnerabilities tab.
- Alert and Entity details flyouts: Applicable data appears in the Insights section.
In order for AWS Security Hub data to appear in these workflows:
- Follow the steps to set up the AWS Security Hub integration.
- Ensure you have
readprivileges for thesecurity_solution-*.vulnerability_latestindex.
Note
You can ingest data from the AWS Security Hub integration for other purposes without following these steps.