Versions Compared

Old Version 8

changes.mady.by.user Shivi Sivasubramanian

Saved on

compared with

New Version 9

changes.mady.by.user Shivi Sivasubramanian

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Amazon Security Hub is a bidirectional integration .

...

and setting it up involves multiple steps:

  • Add an Amazon Security Hub integration in Jira Service Management

  • Configure the integration in Amazon Security Hub

  • Configure the integration in Amazon SNS

  • Configure the integration in Amazon CloudWatch Events

  • Configure the integration in Amazon EventBridge Events

  • Send updates back to Amazon Security Hub

Add Amazon Security Hub integration

To add an Amazon Security Hub integration in Jira Service Management:

  1. Go to your team’s operations page.

  2. On the left navigation panel, select Integrations and then Add integration.

  3. Run a search and select “Amazon Security Hub”.

  4. On the next screen, enter aname for the integration.

  5. Optional: Select a team in Assignee team if you want a specific team to receive alerts from the integration.

  6. Select Continue.
    The integration is saved at this point.

  7. Expand the Steps to configure the integration section and copy the integration endpoint URL.
    You will use this URL while configuring the integration in Amazon Security Hub later.

  8. Select Turn on integration.
    The rules you create for the integration will work only if you turn on the integration.

...

Configure the integration in Amazon Security Hub

...

  1. Create a custom Security Hub action.

  2. Create a rule in CloudWatch Events for Security Hub findings and an SNS topic for CloudWatch Event target by using the CloudFormation template.

  3. Paste the URL you copied while adding the integration in Jira Service Management into SNSSubEndpoint in the CloudFormation template.

  4. Copy-paste the following (after entering the custom Security Hub action ARN you created in Step 1) into EventPatternParameter in the CloudFormation template.

    Code Block
    {
  "source": [
    "aws.securityhub"
  ],
  "detail-type": [
    "Security Hub Findings - Custom Action"
  ],
  "resources": [
    "< CUSTOM ACTION ARN YOU CREATED IN SECURITY HUB >"
  ]
}

  5. If the configuration is successful, a confirmation alert is created in Jira Service Management.

  6. Select Send Alert Updates Back to AmazonSecurityHub to enable the outgoing functionality.

  7. Allow Jira Service Management to access the Security Hub resources through an IAM Role.
    Use CloudFormation template to create an IAM role.

  8. Copy-paste the IAM Role ARN into AmazonSecurityHub Role ARN.

  9. Select the AWS region where you’ve set up the Security Hub.

...

Configure the integration in Amazon SNS

  1. Go to AWS SNS, select Topics > Create topic.

  2. When on the Subscription tab, select Create subscription. This is how you’ll send SNS messages to Jira Service Management.

  3. In the Protocol field select HTTPS as an endpoint type.

  4. In the Endpoint field, enter the API endpoint URL you copied while adding the integration in Jira Service Management.

...

Configure the integration in Amazon CloudWatch Events

...

  1. In your Amazon CloudWatch account select Events > Rules.

  2. Then select Create rule.

  3. In the Event Source section select the Event Pattern option.

  4. Then select Build event pattern to match all events from the dropdown menu.

  5. Select Edit in the Event Pattern Preview and enter the script below provided to you under this section.

  6. In the Targets section select the SNS topic from the dropdown menu, then select the topic you’ve created before.

  7. Select Configure details and enter a name, description, and other details.

  8. When done, select Create rule.

...

Code Block
{
  "source": [
    "aws.securityhub"
  ],
  "detail-type": [
    "Security Hub Findings - Custom Action"
  ],
  "resources": [
    <custom action arn you created in security hub>
  ]
}

...

Configure the integration in Amazon EventBridge Events

...

  1. Go to Amazon EventBridge and select Rules.

  2. Select Create rule.

  3. In Step 1, enter a Name and Description for this rule.

  4. Select Rule with an event patterns as Rue type and select Next.

  5. In Step 2, select AWS events and EventBrigde partner events as the Event source.

  6. Then, select AWS services as Event source.

  7. Select Security Hub as AWS Service.

  8. In the Event Type section, select the custom action you created in the security hub.

  9. Select Next.

  10. In Step 3, select SNS topic from the dropdown menu in Target types, then select the topic you created before in the Topic field.

  11. Select Next.

  12. In Step 5, review and create the rule.

...

Send updates back to Amazon Security Hub

Complete the following steps to send alert updates back to Amazon Security Hub:

...