AWS Security Hub Event Collector

This integration is part of the AWS - Security Hub Pack.

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

An XSIAM event collector for AWS Security Hub.

Configure AWS Security Hub Event Collector on Cortex XSIAM

  1. Navigate to Settings > Configurations > Data Collection > Automations & Feed Integrations.

  2. Search for AWS Security Hub Event Collector.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | AWS Default Region | | True |
    | Role Arn | | False |
    | Access Key | | False |
    | Secret Key | | False |
    | First fetch time (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year) | | False |
    | Role Session Name | | False |
    | Role Session Duration | | False |
    | Max events per fetch | The maximum number of events to retrieve for each event type (up to 10000 events). For more information about event types, see the help section. | False |
    | Timeout | The time in seconds until a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout after a comma (for example 60,10). If a connect timeout is not specified, a default of 10 seconds will be used. | False |
    | Retries | The maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time. | False |
    | Trust any certificate (not secure) | | False |
    | Use system proxy settings | | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

aws-securityhub-get-events

Fetch events from AWS Security Hub.

Base Command

aws-securityhub-get-events

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| should_push_events | If true, the command will create events, otherwise it will only display them. Possible values are: true, false. Default is false. | Required |
| limit | Maximum results to return. | Optional |