AWS Security Hub

Receive AWS Security Hub aggregated security findings via SNS/EventBridge.

InboundCloud Platforms
Start Free Trial

Quick Setup

Copy Webhook URL

Go to your Alert24 dashboard and copy the webhook URL for AWS Security Hub.

Configure AWS Security Hub

Add the webhook URL in your AWS Security Hub settings.

Auto-Detected

Alert24 auto-detects AWS Security Hub payloads and maps them to incidents.

Step-by-Step Setup Instructions

AWS Security Hub Webhook Setup

1.Create an SNS Topic for Security Hub findings
2.In EventBridge, create a rule matching Security Hub finding events:

- Source: aws.securityhub

- Detail type: Security Hub Findings - Imported

3.Set the target to your SNS topic
4.Add an HTTPS subscription to the SNS topic using the webhook URL above
5.Confirm the subscription

Example Webhook Payload

This is a sample payload that AWS Security Hub sends to Alert24 when an alert fires.

{
  "version": "0",
  "source": "aws.securityhub",
  "detail-type": "Security Hub Findings - Imported",
  "detail": {
    "findings": [
      {
        "SchemaVersion": "2018-10-08",
        "Id": "arn:aws:securityhub:us-east-1:123456789012:finding/abc123",
        "Title": "S3 bucket my-bucket has public read access enabled",
        "Severity": {
          "Label": "HIGH",
          "Normalized": 70
        },
        "Workflow": {
          "Status": "NEW"
        },
        "Resources": [
          {
            "Type": "AwsS3Bucket",
            "Id": "my-bucket"
          }
        ]
      }
    ]
  }
}

How Alert24 Maps AWS Security Hub Data

Status Field

detail.findings.0.Workflow.Status

Message Field

detail.findings.0.Title

Auto-Create Incidents

Yes

Auto-Resolve Incidents

Yes

Status Mapping

Alert24 StatusAWS Security Hub Values
operational
RESOLVED
degraded
NOTIFIED
down
NEW

Connect AWS Security Hub to Alert24 in minutes

Free plan includes 5 monitors, 1 status page, and incident management. No credit card required.

Start Free TrialSee Pricing

More Cloud Platforms Integrations

AWS CloudWatch

Inbound

Receive CloudWatch alarm notifications via SNS webhook.

Azure Monitor

Inbound

Receive Azure Monitor alerts and log Activity Log changes to correlate infrastructure changes with incidents.

Azure Service Health

Inbound

Receive Azure Service Health incident, maintenance, and advisory notifications.

Azure Resource Health

Inbound

Receive Azure Resource Health notifications for individual resource availability.

Google Cloud Monitoring

Inbound

Receive Google Cloud Monitoring (formerly Stackdriver) alerts.

Google Cloud SCC

Inbound

Receive Google Cloud Security Command Center threat and vulnerability findings via Pub/Sub.