Integrate AWS Security Hub withGoogle SecOps
This document explains how to integrateAWS Security Hub with Google Security Operations (Google SecOps).
Integration version: 8.0
Use cases
In Google SecOps, the AWS Security Hub integration can help you solvethe following use cases:
Automated incident enrichment: use the Google SecOpscapabilities to automatically retrieve relevant context from other AWSservices like VPC Flow Logs, GuardDuty findings, and CloudTrail logs when apotential security event is detected in Security Hub. The automated incidentenrichment can help analysts quickly understand the scope and potentialimpact of the incident.
Prioritized remediation: use the Google SecOpscapabilities to trigger automated responses to Security Hub findings basedon predefined playbooks. For example, a high-severity finding related to anexposed S3 bucket can automatically trigger a playbook to remediate themisconfiguration and notify the appropriate teams.
Threat intelligence integration: use the Google SecOpscapabilities to integrate with threat intelligence feeds and cross-referenceSecurity Hub findings against known malicious indicators. The threatintelligence integration lets analysts identify and prioritize high-riskthreats that require immediate attention.
Compliance reporting and auditing: use the Google SecOpscapabilities to aggregate and normalize security data from Security Hub andother sources to simplify compliance reporting.
Vulnerability management: use the Google SecOpscapabilities to automate the process of vulnerability triage, prioritization,and remediation by integrating with AWS Security Hub vulnerability scanningfeatures. The vulnerability management can help you reduce the attacksurface and improve the overall security posture of your organization.
Before you begin
For the integration to function properly, you need to configure a customidentity and access policy in AWS.
For more information about creating custom policies in AWS, seeCreating policies using the JSON editorin AWS documentation.
To configure permissions that are required for the AWS Security Hub integration,and set the custom policy, use the following code:
{"Sid":"SecurityHubServiceRolePermissions","Effect":"Allow","Action":["securityhub:GetMasterAccount","securityhub:GetInsightResults","securityhub:CreateInsight","securityhub:UpdateInsight","securityhub:BatchUpdateFindings","securityhub:GetFindings","securityhub:GetInsight","securityhub:DescribeHub",],"Resource":"*"}For more information about configuring permissions, seeAWS managed policy:AWSSecurityHubServiceRolePolicyin AWS documentation.
Integration parameters
The AWS Security Hub integration requires the following parameters:
| Parameter | Description |
|---|---|
AWS Access Key ID | Required The AWS access key ID to use in integration. |
AWS Secret Key | Required The AWS secret key to use in the integration. |
AWS Default Region | Required The AWS default region to use in the integration, such as |
You can make changes at a later stage, if necessary. After you configureinstances, you can use them in playbooks. For more information on configuringand supporting multiple instances, seeSupporting multipleinstances.
For instructions on how to configure an integration inGoogle SecOps, seeConfigureintegrations.
Work with the Filter JSON Object parameter
For theCreate Insight andUpdateInsight action, you can configurefilters for findings.
To create an insight in AWS Security Hub, apply filters for the findings thatare available in the system.
The structure of the filter with all possible configurations is as follows:
{"ProductArn":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"AwsAccountId":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"Id":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"GeneratorId":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"Type":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"FirstObservedAt":[{"Start":"string","End":"string","DateRange":{"Value":123,"Unit":"DAYS"}}],"LastObservedAt":[{"Start":"string","End":"string","DateRange":{"Value":123,"Unit":"DAYS"}}],"CreatedAt":[{"Start":"string","End":"string","DateRange":{"Value":123,"Unit":"DAYS"}}],"UpdatedAt":[{"Start":"string","End":"string","DateRange":{"Value":123,"Unit":"DAYS"}}],"SeverityProduct":[{"Gte":123.0,"Lte":123.0,"Eq":123.0}],"SeverityNormalized":[{"Gte":123.0,"Lte":123.0,"Eq":123.0}],"SeverityLabel":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"Confidence":[{"Gte":123.0,"Lte":123.0,"Eq":123.0}],"Criticality":[{"Gte":123.0,"Lte":123.0,"Eq":123.0}],"Title":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"Description":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"RecommendationText":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"SourceUrl":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ProductFields":[{"Key":"string","Value":"string","Comparison":"EQUALS"|"NOT_EQUALS"}],"ProductName":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"CompanyName":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"UserDefinedFields":[{"Key":"string","Value":"string","Comparison":"EQUALS"|"NOT_EQUALS"}],"MalwareName":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"MalwareType":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"MalwarePath":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"MalwareState":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"NetworkDirection":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"NetworkProtocol":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"NetworkSourceIpV4":[{"Cidr":"string"}],"NetworkSourceIpV6":[{"Cidr":"string"}],"NetworkSourcePort":[{"Gte":123.0,"Lte":123.0,"Eq":123.0}],"NetworkSourceDomain":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"NetworkSourceMac":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"NetworkDestinationIpV4":[{"Cidr":"string"}],"NetworkDestinationIpV6":[{"Cidr":"string"}],"NetworkDestinationPort":[{"Gte":123.0,"Lte":123.0,"Eq":123.0}],"NetworkDestinationDomain":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ProcessName":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ProcessPath":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ProcessPid":[{"Gte":123.0,"Lte":123.0,"Eq":123.0}],"ProcessParentPid":[{"Gte":123.0,"Lte":123.0,"Eq":123.0}],"ProcessLaunchedAt":[{"Start":"string","End":"string","DateRange":{"Value":123,"Unit":"DAYS"}}],"ProcessTerminatedAt":[{"Start":"string","End":"string","DateRange":{"Value":123,"Unit":"DAYS"}}],"ThreatIntelIndicatorType":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ThreatIntelIndicatorValue":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ThreatIntelIndicatorCategory":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ThreatIntelIndicatorLastObservedAt":[{"Start":"string","End":"string","DateRange":{"Value":123,"Unit":"DAYS"}}],"ThreatIntelIndicatorSource":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ThreatIntelIndicatorSourceUrl":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceType":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceId":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourcePartition":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceRegion":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceTags":[{"Key":"string","Value":"string","Comparison":"EQUALS"|"NOT_EQUALS"}],"ResourceAwsEc2InstanceType":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceAwsEc2InstanceImageId":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceAwsEc2InstanceIpV4Addresses":[{"Cidr":"string"}],"ResourceAwsEc2InstanceIpV6Addresses":[{"Cidr":"string"}],"ResourceAwsEc2InstanceKeyName":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceAwsEc2InstanceIamInstanceProfileArn":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceAwsEc2InstanceVpcId":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceAwsEc2InstanceSubnetId":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceAwsEc2InstanceLaunchedAt":[{"Start":"string","End":"string","DateRange":{"Value":123,"Unit":"DAYS"}}],"ResourceAwsS3BucketOwnerId":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceAwsS3BucketOwnerName":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceAwsIamAccessKeyUserName":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceAwsIamAccessKeyStatus":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceAwsIamAccessKeyCreatedAt":[{"Start":"string","End":"string","DateRange":{"Value":123,"Unit":"DAYS"}}],"ResourceContainerName":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceContainerImageId":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceContainerImageName":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"ResourceContainerLaunchedAt":[{"Start":"string","End":"string","DateRange":{"Value":123,"Unit":"DAYS"}}],"ResourceDetailsOther":[{"Key":"string","Value":"string","Comparison":"EQUALS"|"NOT_EQUALS"}],"ComplianceStatus":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"VerificationState":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"WorkflowState":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"WorkflowStatus":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"RecordState":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"RelatedFindingsProductArn":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"RelatedFindingsId":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"NoteText":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"NoteUpdatedAt":[{"Start":"string","End":"string","DateRange":{"Value":123,"Unit":"DAYS"}}],"NoteUpdatedBy":[{"Value":"string","Comparison":"EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"}],"Keyword":[{"Value":"string"}]}An example of a filter that returns only findings with the critical severity isas follows:
{"SeverityLabel":[{"Value":"CRITICAL","Comparison":"EQUALS"}]}Actions
To function properly, the AWS Security Hub actions require you to configurespecific permissions. For more information about the permissions for theintegration, see theBefore you begin section of this document.
Create Insight
Use theCreate Insight action to create an insight in AWS Security Hub.
Action inputs
TheCreate Insight action requires the following parameters:
| Parameter | Description |
|---|---|
Insight Name | Required The name of the insight. |
Group By Attribute | Required The name of the attribute to group the findings by. The action groups the findings under one insight. The default value is The possible values are as follows:
|
Filter JSON Object | Required A filter to apply to findings. The filter is a JSON object that lets you specify different attributes and values. For more details about the filter configuration, seeWork with the Filter JSON Object parameter section of this document. |
Action outputs
TheCreate Insight action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when using theCreate Insight action:
{"InsightArn":"arn:aws:securityhub:ID",}Output messages
TheCreate Insight action can return the following output messages:
| Output message | Message description |
|---|---|
| The action succeeded. |
Error executing action "Create Insight". Reason:ERROR_REASON | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when usingtheCreate Insight action:
| Script result name | Value |
|---|---|
is_success | True orFalse |
Get Insight Details
Use theGet Insight Details action to return detailed information aboutinsights in AWS Security Hub.
This action doesn't run on Google SecOps entities.
Action inputs
TheGet Insight Details action requires the following parameters:
| Parameter | Description |
|---|---|
Insight ARN | Required The Amazon Resource Name (ARN) of the insight. |
Max Results To Return | Required The number of results to return. The default value is 50. |
Action outputs
TheGet Insight Details action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
Case wall table
TheGet Insight Details action can return the following table inGoogle SecOps:
Table name:'NUMBER_OF_OBJECTS' BucketObjects
Columns:
- Name (mapped as
GroupByAttributeValue) - Count (mapped as
Count)
JSON result
The following example shows the JSON result output received when using theGet Insight Details action:
"InsightResults":{"InsightArn":"arn:aws:securityhub:ID","GroupByAttribute":"ResourceId","ResultValues":[{"GroupByAttributeValue":"arn:aws:s3:::int-arcsight-v-27-0-getreportstatus","Count":5},{"GroupByAttributeValue":"arn:aws:s3:::int-arcsight-v-27-0-searchactionbug","Count":5},{"GroupByAttributeValue":"arn:aws:s3:::int-arcsight-v-27-0-unicodeandlogs","Count":5},{"GroupByAttributeValue":"arn:aws:s3:::int-automation-v-1-0","Count":5},{"GroupByAttributeValue":"arn:aws:s3:::int-awss3-v-1-0","Count":5},{"GroupByAttributeValue":"arn:aws:s3:::int-azureactivedirectory-v-4-0","Count":5},{"GroupByAttributeValue":"arn:aws:s3:::int-bootcamp-v-1-0","Count":5},{"GroupByAttributeValue":"arn:aws:s3:::int-categories","Count":5}]}Output messages
TheGet Insight Details action can return the following output messages:
| Output message | Message description |
|---|---|
| The action succeeded. |
Error executing action "Get Insight Details". Reason:ERROR_REASON | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when usingtheGet Insight Details action:
| Script result name | Value |
|---|---|
is_success | True orFalse |
Ping
Use thePing action to test the connectivity to AWS Security Hub.
This action doesn't run on Google SecOps entities.
Action inputs
None.
Action outputs
ThePing action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Output messages
ThePing action can return the following output messages:
| Output message | Message description |
|---|---|
| The action succeeded. |
Failed to connect to the AWS Security Hub! Error isERROR_REASON | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when usingthePing action:
| Script result name | Value |
|---|---|
is_success | True orFalse |
Update Finding
Use theUpdate Finding action to update findings in AWS Security Hub.
This action doesn't run on Google SecOps entities.
Action inputs
TheUpdate Finding action requires the following parameters:
| Parameter | Description |
|---|---|
ID | Required The ID of the finding to update. |
Product ARN | Required The product ARN of the finding to update. |
Note | Optional A new text for the finding note. If you configure this parameter, also configure the |
Note Author | Optional the author of the note. If you configure this parameter, also configure the |
Severity | Optional A new severity for the finding. The possible values are as follows:
|
Verification State | Optional A new verification state for the finding. The possible values are as follows:
|
Confidence | Optional A new confidence for the finding. The maximum value is 100. |
Criticality | Optional A new criticality for the finding. The maximum value is 100. |
Types | Optional A comma-separated list of types for the finding, such as |
Workflow Status | Optional A new workflow status for the finding. The possible values are as follows:
|
Custom Fields | Optional The finding custom fields to update, such as |
Action outputs
TheUpdate Finding action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Output messages
TheUpdate Finding action can return the following output messages:
| Output message | Message description |
|---|---|
| The action succeeded. |
Error executing action "Update Findings". Reason:ERROR_REASON | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when usingtheUpdate Finding action:
| Script result name | Value |
|---|---|
is_success | True orFalse |
Update Insight
Use theUpdate Insight action to update an insight in AWS Security Hub.
This action doesn't run on Google SecOps entities.
Action inputs
TheUpdate Insight action requires the following parameters:
| Parameter | Description |
|---|---|
Insight ARN | Required The ARN of the insight. |
Insight Name | Optional The name of the insight. |
Group By Attribute | Optional The name of the attribute to group the findings by. The action groups the findings under one insight. The default value is The possible values are as follows:
|
Filter JSON Object | Optional A filter to apply to findings. The filter is a JSON object that lets you specify different attributes and values. For more details about the filter configuration, seeWork with the Filter JSON Object parameter section of this document. |
Action outputs
TheUpdate Insight action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Output messages
TheUpdate Insight action can return the following output messages:
| Output message | Message description |
|---|---|
| The action succeeded. |
Error executing action "Update Insight". Reason:ERROR_REASON | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when usingtheUpdate Insight action:
| Script result name | Value |
|---|---|
is_success | True orFalse |
Connectors
For more information about how to configure connectors inGoogle SecOps, seeIngest your data(connectors).
AWS Security Hub – Findings Connector
Use theAWS Security Hub – Findings Connector to retrieve findingsfrom AWS Security Hub.
The connector requires the following parameters:
| Parameters | Description |
|---|---|
Product Field Name | Required The name of the field where the product name is stored. The default value is |
Event Field Name | Required The field name used to determine the event name (subtype). The default value is |
Environment Field Name | Optional The name of the field where the environment name is stored. If the environment field isn't found, the environment is the default environment. The default value is |
Environment Regex Pattern | Optional A regular expression pattern to run on the value found in the Use the default value If the regular expression pattern is null or empty, or the environment value is null, the final environment result is the default environment. |
Script Timeout (Seconds) | Required The timeout limit for the Python process running the current script. the default value is 180. |
AWS Access Key ID | Required The AWS access key ID to use in integration. |
AWS Secret Key | Required The AWS secret key to use in the integration. |
AWS Default Region | Required The AWS default region to use in the integration, such as |
Lowest Severity To Fetch | Required The lowest severity of the findings to fetch. The possible values are as follows:
Medium. |
Fetch Max Hours Backwards | Optional The number of hours before the first connector iteration to retrieve the incidents from. This parameter applies only once to the initial connector iteration after you enable the connector for the first time. The default value is 1 hour. |
Max Findings To Fetch | Optional The number of findings to process in a one connector iteration. The default value is 50. |
Use whitelist as a blacklist | Required If selected, the connector uses the dynamic list as a blocklist. Not selected by default. |
Verify SSL | Required If selected, Google SecOps verifies that the SSL certificate for the connection to the AWS Security Hub server is valid. Selected by default. |
Proxy Server Address | Optional The address of the proxy server to use. |
Proxy Username | Optional The proxy username to authenticate with. |
Proxy Password | Optional The proxy password to authenticate with. |
Connector rules
TheAWS Security Hub – Findings Connector supports proxies.
Need more help?Get answers from Community members and Google SecOps professionals.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-19 UTC.