Amazon EventBridge - AWS Security Incident Response User Guide

Amazon EventBridge

Amazon EventBridge enables event-driven architecture for Security Incident Response, allowing case activity to trigger downstream services (SNS, Lambda, SQS, Step Functions) or external tools (Jira, ServiceNow, Teams, Slack, PagerDuty).

To configure EventBridge rules:

  1. Access Amazon EventBridge.

  2. Select Rules from the Buses dropdown.

    AWS services send events to the EventBridge default event bus. If the event matches a rule's event pattern, EventBridge sends the event to the targets specified for that rule.

  3. Choose Create Rule.

  4. Enter the Rule Detail.

  5. Choose Next.

  6. Scroll to AWS service, and then select AWS Security Incident Response from the dropdown menu.

  7. From the Event Type dropdown, select the event or API call you want to create a pattern for.

  8. You can manually edit the pattern to include more than one event.

  9. Choose Next.

Note

Select one or more targets (Amazon Simple Notification Service, AWS Lambda, SSM document, Step Functions) for your events. Configure cross-account targets, if necessary.

You can check for partner integration patterns under Partner Event Sources in the EventBridge Integration menu. Available partners include Atlassian (Jira), DataDog, New Relic, PagerDuty, Symantec, and Zendesk, among many others.
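
A pattern edited by hand to cover more than one event type (step 8) can be checked locally before the rule goes live, so that a typo does not silently drop case notifications. The following is an added example, not code from this guide: it implements only the exact-value subset of EventBridge pattern matching, and the `source` and `detail-type` strings and the sample events are constructed placeholders to be replaced with the values the console generates in step 7.

```python
import json

# Placeholder values (assumptions): copy the real "source" and "detail-type"
# strings from the pattern the console generates in step 7.
PATTERN = json.loads("""
{
  "source": ["example.security-ir"],
  "detail-type": ["Example Case Created", "Example Case Updated"]
}
""")


def matches(pattern, event):
    """Exact-value subset of EventBridge matching for string fields.

    Every key in the pattern must be present in the event. A list in the
    pattern is an OR over allowed values; a dict descends into a nested object.
    """
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            # An event field holding an array matches if any element is allowed.
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(c in expected for c in candidates):
                return False
    return True


# Constructed sample events, not captured from a real account.
SAMPLE_EVENTS = [
    {"source": "example.security-ir", "detail-type": "Example Case Created",
     "detail": {"caseId": "0000000001"}},
    {"source": "example.security-ir", "detail-type": "Example Case Updated",
     "detail": {"caseId": "0000000001"}},
    {"source": "example.security-ir", "detail-type": "Example Comment Added",
     "detail": {"caseId": "0000000001"}},
    {"source": "example.other", "detail-type": "Example Case Created",
     "detail": {}},
]


def routed(pattern, events):
    """Return the detail-type of each event the rule would send to its targets."""
    return [e["detail-type"] for e in events if matches(pattern, e)]


if __name__ == "__main__":
    print(routed(PATTERN, SAMPLE_EVENTS))
```

Only the two listed event types from the listed source are routed; the unlisted event type and the event from another source never reach the targets.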
