AWS Security Hub

Overview

AWS Security Hub provides you with a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices.

This integration enables you to see all your AWS Security Hub logs in Datadog.

Note: You can also send your Datadog security signals to Security Hub for orchestration of additional events in your AWS environment. Follow the instructions on the securityhub-eventbridge-example repository to set this up.

Setup

Datadog uses Amazon EventBridge to forward Security Hub events as logs to Datadog.

  1. Go to Amazon EventBridge.
  2. In the Create a new rule pane, click Create rule.
  3. In the Name and description pane, type a name for your rule in the Name field and if you want, type a description for your rule in the Description field.
  4. In the Define pattern pane, select Event pattern, and then select Pre-defined pattern by service to build an event pattern.
  5. From the Service provider list, select AWS.
  6. From the Service name list, select SecurityHub.
  7. From the Event type list, select All Events.
  8. In the Select event bus pane, select AWS default event bus.
  9. In the Select targets pane, from the Target list, select Lambda function.
  10. Select the Datadog forwarder to send logs to Datadog.
  11. Click Create.

Troubleshooting

Need help? Contact Datadog support.