Posted On: Dec 11, 2020

AWS Security Hub now supports a bidirectional integration with ServiceNow ITSM, making it easier for Security Hub users to automatically create and update tickets in ServiceNow ITSM from Security Hub findings and ensure that updates to those tickets are synced with the findings. This integration is available via the AWS Service Management Connector for ServiceNow app. After downloading the app, you can decide if you want to send all or only certain findings with specific severity levels to ServiceNow and you can decide if you want to automatically create incident or problem tickets. Then, when you make an update to various fields in the ticket, such as state or priority, those changes are automatically sent to Security Hub, so that Security Hub always has the latest and correct information about that issue.

You can see a demonstration of this integration here.

The AWS Service Management Connector for ServiceNow is available at no charge in the ServiceNow Store. This new feature is generally available in all AWS Regions where AWS Security Hub is available except in the AWS China (Beijing) Region operated by Sinnet and in the AWS China (Ningxia) Region operated by NWCD. For more information, please visit the documentation on the AWS Service Management Connector.

The AWS Service Management Connector for ServiceNow also supports integrations with AWS Service Catalog, AWS Config, and AWS Systems Manager. You can also request and provision curated AWS products via AWS Service Catalog, view configuration item details on select resources within ServiceNow CMDB powered by AWS Config, and execute AWS Systems Manager automation documents via AWS Systems Manager Automation.

Available globally, AWS Security Hub is designed to give you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS System Manager Patch Manager, AWS IAM Access Analyzer, and from 48 AWS Partner solutions. You can also continuously monitor your environment using automated security checks based on standards, such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. You can also take action on these findings by investigating findings in Amazon Detective and by using Amazon CloudWatch Event rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), and incident management tools or to custom remediation playbooks.

You can enable your 30-day free trial of AWS Security Hub with a single-click in the AWS Management console. Please see the AWS Regional Services List for all the regions where AWS Security Hub is available. To learn more about AWS Security Hub capabilities, see the AWS Security Hub documentation, and to start your 30-day free trial see the AWS Security Hub free trial page.

updated on 1/3/22