---
title: AWS Security Hub
description: >-
  AWS Security Hub provides you with a comprehensive view of your security state
  in AWS.
---

# AWS Security Hub

## Overview{% #overview %}

AWS Security Hub provides you with a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices.

This integration enables you to see all your AWS Security Hub logs in Datadog.

**Note**: You can also send your Datadog security signals to Security Hub for orchestration of additional events in your AWS environment. Follow the instructions on the [securityhub-eventbridge-example](https://github.com/DataDog/securityhub-eventbridge-example) repository to set this up.

## Setup{% #setup %}

Datadog uses Amazon EventBridge to forward Security Hub events as logs to Datadog. Datadog supports both [Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) and [Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub-v2.html).

Datadog recommends creating two rules, one for each product. Avoid forwarding **All events**, because this can lead to receiving duplicate events and can result in mixed event formats: Security Hub CSPM events are in [AWS Security Finding Format](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) while Security Hub events are in [Open Cybersecurity Schema Framework](https://ocsf.io/) format.

1. Go to [Amazon EventBridge](https://aws.amazon.com/eventbridge/).
1. In the Create a new rule pane, click **Create rule**.
1. In the Name and description pane, type a name for your rule in the Name field and, optionally, a description in the Description field.
1. In the Define pattern pane, select **Event pattern**, and then select **Pre-defined pattern by service** to build an event pattern.
1. From the Service provider list, select **AWS**.
1. From the Service name list, select **SecurityHub**.
1. From the Event type list, select:
   - **Security Hub Findings - Imported** for Security Hub CSPM
   - **Findings Imported V2** for Security Hub
1. In the Select event bus pane, select **AWS default event bus**.
1. In the Select targets pane, from the Target list, select **Lambda function**.
1. Select the [Datadog forwarder](https://docs.datadoghq.com/serverless/libraries_integrations/forwarder/) to send logs to Datadog.
1. Click **Create**.

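
The following added example (not part of the Datadog documentation or the forwarder's code) writes out the two event patterns the steps above produce and checks them against constructed sample events, showing why an additional **All events** rule causes duplicate deliveries and mixed formats. The rule names and sample events are hypothetical, and the `detail-type` strings are assumed to equal the Event type names listed above.

```python
import json

# Assumption: each detail-type equals the Event type name chosen in the console.
RULES = {
    "securityhub-cspm-to-datadog": {  # hypothetical rule name
        "source": ["aws.securityhub"],
        "detail-type": ["Security Hub Findings - Imported"],
    },
    "securityhub-v2-to-datadog": {  # hypothetical rule name
        "source": ["aws.securityhub"],
        "detail-type": ["Findings Imported V2"],
    },
}

# The broad pattern the page advises against ("All events").
ALL_EVENTS = {"source": ["aws.securityhub"]}

# Constructed, heavily abbreviated sample events (not real findings).
SAMPLE_EVENTS = [
    {"id": "evt-1", "source": "aws.securityhub",
     "detail-type": "Security Hub Findings - Imported",
     "detail": {"findings": [{"SchemaVersion": "2018-10-08"}]}},  # ASFF-style
    {"id": "evt-2", "source": "aws.securityhub",
     "detail-type": "Findings Imported V2",
     "detail": {"findings": [{"class_uid": 2004}]}},  # OCSF-style
]


def matches(pattern, event):
    """Subset of EventBridge matching: each top-level key lists allowed exact values."""
    return all(event.get(key) in allowed for key, allowed in pattern.items())


def deliveries(rules, events):
    """Number of times each event reaches the forwarder (one Lambda target per rule)."""
    return {e["id"]: sum(matches(p, e) for p in rules.values()) for e in events}


def formats_seen(pattern, events):
    """Detail-types, and therefore finding formats, that one rule would forward."""
    return sorted({e["detail-type"] for e in events if matches(pattern, e)})


if __name__ == "__main__":
    for name, pattern in RULES.items():
        print(name, json.dumps(pattern))
    print("two rules:", deliveries(RULES, SAMPLE_EVENTS))
    print("with All events added:",
          deliveries({**RULES, "all-events": ALL_EVENTS}, SAMPLE_EVENTS))
    print("formats through All events:", formats_seen(ALL_EVENTS, SAMPLE_EVENTS))
```
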
## Troubleshooting{% #troubleshooting %}

Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).
