@brijesh-elastic
Collaborator

Proposed commit message

aws_securityhub: Initial release of AWS Security Hub

The integration collects findings in OCSF format using the GetFindingsV2 API. It supports
OCSF v1.5 classes (2002, 2003, 2004, 2006).

ECS mapping and transforms have also been added to facilitate the
Cloud Native Vulnerability Management (CNVM)[1] workflow.

[1] https://www.elastic.co/guide/en/security/current/vuln-management-overview.html

Note

To Reviewers:

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • Clone integrations repo.
  • Install elastic-package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/aws_securityhub directory.
  • Run the following command to run tests.

elastic-package test

Related issues

@brijesh-elastic self-assigned this Nov 11, 2025
@brijesh-elastic added the documentation, enhancement, Team:Security-Service Integrations, Team:Sit-Crest and Category: CDR labels Nov 11, 2025
@elasticmachine
elasticmachine commented Nov 11, 2025

💔 Build Failed

cc @brijesh-elastic

@andrewkroh added the New Integration label Nov 11, 2025
kcreddy added a commit to elastic/elasticsearch that referenced this pull request Nov 14, 2025
…issions (#137866)

Adding logs-aws_securityhub.finding-* data stream indices to the kibana_system privileges. This is required for the latest transform to work.

Related: elastic/integrations#15932