Amazon Security Hub

AWS Security Hub is a cloud security posture management service that provides a comprehensive view of your security state across AWS accounts. It aggregates, organizes, and prioritizes security findings from multiple AWS services and third-party tools, enabling centralized security monitoring, compliance checking, and automated remediation workflows.

1 APIs · 8 Features
Compliance · Monitoring · Security

APIs

AWS Security Hub API

The AWS Security Hub API provides programmatic access to manage centralized security findings across your AWS environment. It enables developers to import and manage security fi...

Features

Multi-Account Findings Aggregation

Aggregate security findings from across multiple AWS accounts and regions into a single pane of glass.

AWS Security Finding Format (ASFF)

Standardized JSON format for all security findings enabling consistent analysis and automation.

Built-in Compliance Standards

Automated compliance checks against CIS AWS Foundations, PCI DSS, NIST, SOC 2, and AWS Foundational Security Best Practices.

Third-Party Integrations

Ingest findings from 80+ third-party security partners including CrowdStrike, Palo Alto Networks, and Splunk.

Automated Remediation

Trigger automated remediation via Amazon EventBridge and AWS Security Hub automated response and remediation.

Security Insights

Correlated views of security findings to highlight areas needing attention.

Custom Actions

Create custom actions to send findings to ticketing, chat, and SOAR platforms.

Cross-Region Aggregation

Aggregate findings across multiple AWS regions into a designated aggregation region.

Use Cases

Cloud Security Posture Management

Continuously monitor your AWS environment for security misconfigurations and compliance gaps.

Compliance Reporting

Automate compliance checks and generate reports for CIS, PCI DSS, NIST, and other frameworks.

Multi-Account Security Operations

Centralize security monitoring across dozens or hundreds of AWS accounts in an organization.

Threat Detection Aggregation

Aggregate findings from GuardDuty, Inspector, Macie, and third-party tools in one place.

Automated Incident Response

Trigger automated remediation workflows when critical findings are detected.

Security Tool Consolidation

Replace multiple point solutions with centralized finding aggregation and normalized data.

Semantic Vocabularies

Amazon Security Hub Context

1 classes · 15 properties

JSON-LD

API Governance Rules

Amazon Security Hub API Rules

18 rules · 8 errors · 8 warnings · 2 info

SPECTRAL

Resources

PostmanWorkspace
ArazzoWorkflows
Portal
GettingStarted
Documentation
APIReference
Console
SignUp
Pricing
FAQ
Blog
StatusPage
Support
TermsOfService
PrivacyPolicy
Compliance
GitHubOrganization
YouTube
StackOverflow
KnowledgeCenter
SpectralRules
Vocabulary
JSONLD
JSONStructure
Example

Sources

name: Amazon Security Hub
description: >-
  AWS Security Hub is a cloud security posture management service that provides a comprehensive view of your security
  state across AWS accounts. It aggregates, organizes, and prioritizes security findings from multiple AWS services and
  third-party tools, enabling centralized security monitoring, compliance checking, and automated remediation workflows.
url: https://aws.amazon.com/security-hub/
baseURL: https://securityhub.amazonaws.com
kind: company
created: '2024-01-15'
modified: '2026-05-19'
tags:
  - AWS
  - Compliance
  - Monitoring
  - Security
apis:
  - name: AWS Security Hub API
    description: >-
      The AWS Security Hub API provides programmatic access to manage centralized security findings across your AWS
      environment. It enables developers to import and manage security findings, configure security standards and
      controls, manage integrations with other AWS services and third-party tools, and automate security workflows.
    humanURL: https://docs.aws.amazon.com/securityhub/latest/APIReference/
    baseURL: https://securityhub.{region}.amazonaws.com
    tags:
      - AWS
      - Compliance
      - Monitoring
      - Security
    properties:
      - type: Documentation
        url: https://docs.aws.amazon.com/securityhub/latest/APIReference/
      - type: OpenAPI
        url: openapi/amazon-security-hub-openapi.yml
      - type: JSONSchema
        url: json-schema/amazon-security-hub-finding-schema.json
common:
  - type: PostmanWorkspace
    url: https://www.postman.com/kinlaneapi/amazon-security-hub/overview
  - type: ArazzoWorkflows
    url: arazzo/
    workflows:
      - url: arazzo/amazon-security-hub-bootstrap-posture-baseline-workflow.yml
        name: Amazon Security Hub Bootstrap Posture Baseline
        summary: Enable Security Hub, confirm its standards, and capture an initial findings baseline.
      - url: arazzo/amazon-security-hub-enable-hub-and-review-standards-workflow.yml
        name: Amazon Security Hub Enable Hub and Review Standards
        summary: Enable Security Hub for the account and review which security standards are now available.
      - url: arazzo/amazon-security-hub-onboard-product-integration-workflow.yml
        name: Amazon Security Hub Onboard Product Integration
        summary: Enable a partner product integration and verify its findings flow into Security Hub.
      - url: arazzo/amazon-security-hub-review-insight-findings-workflow.yml
        name: Amazon Security Hub Review Insight Findings
        summary: List a saved insight and drill into the findings behind it.
      - url: arazzo/amazon-security-hub-standards-compliance-audit-workflow.yml
        name: Amazon Security Hub Standards Compliance Audit
        summary: List the enabled security standards and pull the failing compliance findings behind them.
      - url: arazzo/amazon-security-hub-triage-and-update-findings-workflow.yml
        name: Amazon Security Hub Triage and Update Findings
        summary: Retrieve high-severity findings and update them by re-importing the modified records.
  - type: Portal
    url: https://aws.amazon.com/
  - type: GettingStarted
    url: https://aws.amazon.com/security-hub/getting-started/
  - type: Documentation
    url: https://docs.aws.amazon.com/securityhub/
  - type: APIReference
    url: https://docs.aws.amazon.com/securityhub/latest/APIReference/
  - type: Console
    url: https://console.aws.amazon.com/securityhub/
  - type: SignUp
    url: https://signin.aws.amazon.com/signup?request_type=register
  - type: Pricing
    url: https://aws.amazon.com/security-hub/pricing/
  - type: FAQ
    url: https://aws.amazon.com/security-hub/faqs/
  - type: Blog
    url: https://aws.amazon.com/blogs/security/
  - type: StatusPage
    url: https://health.aws.amazon.com/health/status
  - type: Support
    url: https://aws.amazon.com/premiumsupport/
  - type: TermsOfService
    url: https://aws.amazon.com/service-terms/
  - type: PrivacyPolicy
    url: https://aws.amazon.com/privacy/
  - type: Compliance
    url: https://aws.amazon.com/compliance/
  - type: GitHubOrganization
    url: https://github.com/aws
  - type: YouTube
    url: https://www.youtube.com/user/AmazonWebServices
  - type: StackOverflow
    url: https://stackoverflow.com/questions/tagged/aws-security-hub
  - type: KnowledgeCenter
    url: https://repost.aws/knowledge-center
  - type: SpectralRules
    url: rules/amazon-security-hub-spectral-rules.yml
  - type: Vocabulary
    url: vocabulary/amazon-security-hub-vocabulary.yaml
  - type: Features
    data:
      - name: Multi-Account Findings Aggregation
        description: Aggregate security findings from across multiple AWS accounts and regions into a single pane of glass.
      - name: AWS Security Finding Format (ASFF)
        description: Standardized JSON format for all security findings enabling consistent analysis and automation.
      - name: Built-in Compliance Standards
        description: >-
          Automated compliance checks against CIS AWS Foundations, PCI DSS, NIST, SOC 2, and AWS Foundational Security
          Best Practices.
      - name: Third-Party Integrations
        description: Ingest findings from 80+ third-party security partners including CrowdStrike, Palo Alto Networks, and Splunk.
      - name: Automated Remediation
        description: Trigger automated remediation via Amazon EventBridge and AWS Security Hub automated response and remediation.
      - name: Security Insights
        description: Correlated views of security findings to highlight areas needing attention.
      - name: Custom Actions
        description: Create custom actions to send findings to ticketing, chat, and SOAR platforms.
      - name: Cross-Region Aggregation
        description: Aggregate findings across multiple AWS regions into a designated aggregation region.
  - type: UseCases
    data:
      - name: Cloud Security Posture Management
        description: Continuously monitor your AWS environment for security misconfigurations and compliance gaps.
      - name: Compliance Reporting
        description: Automate compliance checks and generate reports for CIS, PCI DSS, NIST, and other frameworks.
      - name: Multi-Account Security Operations
        description: Centralize security monitoring across dozens or hundreds of AWS accounts in an organization.
      - name: Threat Detection Aggregation
        description: Aggregate findings from GuardDuty, Inspector, Macie, and third-party tools in one place.
      - name: Automated Incident Response
        description: Trigger automated remediation workflows when critical findings are detected.
      - name: Security Tool Consolidation
        description: Replace multiple point solutions with centralized finding aggregation and normalized data.
  - type: Integrations
    data:
      - name: Amazon GuardDuty
        description: Native integration to ingest GuardDuty threat detection findings.
      - name: Amazon Inspector
        description: Aggregate Inspector vulnerability assessment findings.
      - name: Amazon Macie
        description: Ingest Macie sensitive data discovery findings.
      - name: AWS Config
        description: Integration with Config rules for configuration compliance findings.
      - name: Amazon EventBridge
        description: Trigger automated remediation and notification workflows based on findings.
      - name: AWS Lambda
        description: Execute custom remediation actions in response to security findings.
      - name: AWS Organizations
        description: Enable Security Hub across all accounts in an AWS Organization.
      - name: CrowdStrike
        description: Third-party integration for endpoint detection and response findings.
      - name: Splunk
        description: Export Security Hub findings to Splunk SIEM for advanced analysis.
      - name: Palo Alto Networks
        description: Ingest Prisma Cloud and other Palo Alto findings via Security Hub integration.
  - type: JSONLD
    url: json-ld/amazon-security-hub-context.jsonld
  - type: JSONStructure
    url: json-structure/amazon-security-hub-finding-structure.json
  - type: Example
    url: examples/amazon-security-hub-finding-example.json
  - type: Integrations
    url: https://aws.amazon.com/partners/
integrations:
  - name: Partner Programs
  - name: Resources
  - name: Success Stories
  - name: Work with an AWS Partner
  - name: AWS Marketplace
  - name: AWS Partner Central
  - name: Partner Paths
  - name: co-sell with AWS
maintainers:
  - FN: Kin Lane
    email: [email protected]