Configuring AWS Security Hub CSPM in ServiceNow - AWS Service Management Connector

Configuring AWS Security Hub CSPM in ServiceNow

This section describes how to set up the AWS-side resources (an SQS queue and an EventBridge rule) that the Connector for ServiceNow uses to receive AWS Security Hub CSPM findings.

To configure AWS Security Hub CSPM integration features
  1. Enable AWS Security Hub CSPM. For more information, see Setting up AWS Security Hub CSPM with the Console.

  2. Set up an SQS queue to receive updated findings. Name the queue AwsServiceManagementConnectorForSecurityHubQueue so that it matches the default queue name in the ServiceNow System Properties for the AWS Security Hub CSPM integration. For more information, see Getting started with Amazon SQS.

  3. Set up an Amazon EventBridge rule to detect changes to Findings and push these to the queue. For more information, see Getting started with Amazon EventBridge.

    The rule should have this event pattern and point to the SQS queue created in Step 2.

    "EventPattern": { "source": [ "aws.securityhub" ] }
  4. You can also narrow this EventBridge rule (formerly called a CloudWatch Events rule) so that it forwards only Security Hub CSPM findings with specific finding types, severity labels, workflow statuses, or compliance statuses. For details about how to filter the event pattern, see Configuring an EventBridge rule for automatically sent findings in the AWS Security Hub User Guide.
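As an added worked example (not code from the AWS documentation or from the Connector itself), the following Python builds the event pattern from step 3, a narrowed pattern of the kind step 4 describes, and the SQS queue policy that EventBridge needs before it can deliver to the queue from step 2. It then runs both patterns over constructed sample events to show which findings each would forward. The account ID, Region and rule name in the ARNs are placeholder assumptions, the sample events are constructed rather than real findings, and the matcher implements only the equality subset of EventBridge pattern syntax (including its flattening of arrays), not prefix, numeric or exists filters.

```python
"""Security Hub CSPM -> EventBridge -> SQS wiring, as a runnable illustration.
Standard library only; runs offline."""
import json

# Queue name from the procedure; the ARNs are placeholder assumptions.
QUEUE_NAME = "AwsServiceManagementConnectorForSecurityHubQueue"
QUEUE_ARN = f"arn:aws:sqs:us-east-1:111122223333:{QUEUE_NAME}"
RULE_ARN = "arn:aws:events:us-east-1:111122223333:rule/SecurityHubToServiceNow"

# Step 3: the unfiltered pattern. Every Security Hub event, including
# informational and already-resolved findings, reaches the queue.
DEFAULT_PATTERN = {"source": ["aws.securityhub"]}

# Step 4: a narrowed pattern. Values inside a list are OR-ed, separate keys
# are AND-ed. "findings" is an array in the event; EventBridge flattens
# arrays, so a value from any element satisfies the corresponding key.
FILTERED_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {
        "findings": {
            "Severity": {"Label": ["CRITICAL", "HIGH"]},
            "Workflow": {"Status": ["NEW"]},
        }
    },
}


def _flatten_pattern(pattern, prefix=()):
    """Yield (path, allowed_values) pairs for every leaf of a pattern."""
    for key, val in pattern.items():
        if isinstance(val, dict):
            yield from _flatten_pattern(val, prefix + (key,))
        else:
            yield prefix + (key,), val


def _values_at(node, path):
    """All event values reachable at path; arrays on the way are flattened."""
    if isinstance(node, list):
        for item in node:
            yield from _values_at(item, path)
        return
    if not path:
        yield node
        return
    if isinstance(node, dict) and path[0] in node:
        yield from _values_at(node[path[0]], path[1:])


def matches(event, pattern):
    """Equality-only EventBridge matching: every leaf of the pattern must be
    satisfied by at least one value found at that path in the event."""
    return all(any(v in allowed for v in _values_at(event, path))
               for path, allowed in _flatten_pattern(pattern))


def sample_events():
    """Constructed Security Hub CSPM events (not real findings)."""
    def imported(fid, severity, status):
        return {"version": "0", "source": "aws.securityhub",
                "detail-type": "Security Hub Findings - Imported",
                "detail": {"findings": [{"Id": fid,
                                         "Severity": {"Label": severity},
                                         "Workflow": {"Status": status}}]}}
    return [
        imported("f-critical-new", "CRITICAL", "NEW"),
        imported("f-high-new", "HIGH", "NEW"),
        imported("f-high-resolved", "HIGH", "RESOLVED"),
        imported("f-low-new", "LOW", "NEW"),
        # Same source, different detail-type: a custom-action event.
        {"version": "0", "source": "aws.securityhub",
         "detail-type": "Security Hub Findings - Custom Action",
         "detail": {"actionName": "constructed-action",
                    "findings": [{"Id": "f-custom",
                                  "Severity": {"Label": "HIGH"},
                                  "Workflow": {"Status": "NEW"}}]}},
    ]


def forwarded_ids(events, pattern):
    """IDs of the findings the rule would send on to the SQS queue."""
    ids = []
    for ev in events:
        if matches(ev, pattern):
            ids.extend(f["Id"] for f in ev["detail"]["findings"])
    return ids


def queue_policy(queue_arn=QUEUE_ARN, rule_arn=RULE_ARN):
    """SQS resource policy allowing only this EventBridge rule to enqueue.
    Without it the target delivery is rejected and shows up only in the
    rule's FailedInvocations CloudWatch metric."""
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": "AllowEventBridgeRuleToSendMessage",
                           "Effect": "Allow",
                           "Principal": {"Service": "events.amazonaws.com"},
                           "Action": "sqs:SendMessage",
                           "Resource": queue_arn,
                           "Condition": {"ArnEquals": {"aws:SourceArn": rule_arn}}}]}


if __name__ == "__main__":
    print("--event-pattern", json.dumps(FILTERED_PATTERN))
    print("queue policy:", json.dumps(queue_policy(), indent=2))
    for name, pat in (("default", DEFAULT_PATTERN), ("filtered", FILTERED_PATTERN)):
        print(f"{name} pattern forwards: {forwarded_ids(sample_events(), pat)}")
```

Running it shows the default pattern forwarding all five sample findings, including the resolved and LOW ones, while the filtered pattern forwards only the two NEW CRITICAL/HIGH findings. The printed pattern JSON is what goes into the rule's event pattern, and the printed policy is what the queue from step 2 needs as its access policy; the Condition on aws:SourceArn keeps any other rule in the account from writing into the Connector's queue.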

Note

You can use the CloudFormation templates for the Connector for ServiceNow to automate the AWS Config custom resource and AWS Security Hub CSPM integration features. For more information, see Baseline Permissions.