
Configuring the integration to the destination

Configuring this integration requires setup in both systems, as explained in the following steps.

  1. Sign in to the Aqua console.
  2. Select CSPM from the mega menu.
  3. Navigate to Integrations and click Create Integration.
  4. In the Create New Integration box, enter values for the following fields:
    • Name (of the integration)
    • Integration type: choose AWS Security Hub
  5. The AWS Security Hub integration requires an additional IAM role to push findings to your Security Hub. To create this role via CloudFormation:
    • After selecting AWS Security Hub from the Integration Type, click "here" and open the link in the same browser. Make sure not to refresh or leave the Aqua console.
    • Sign in to the AWS account as an IAM user with proper permissions. Ensure that the cloud account has AWS Security Hub enabled for the particular region.
    • Select the US East (N. Virginia) region from the drop-down.
    • Navigate to Services > CloudFormation > Stacks.
    • Select I acknowledge that AWS CloudFormation might create IAM resources. Click Create Stack.
    • Select the Outputs tab and copy the AquaCSPMSecHubArn key value for use in the next step.
  6. In the Aqua console, paste the copied Role ARN value.
  7. Select us-east-1 under Region.
  8. Click Save. The integration is now available for use.
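
Before pasting the value in step 6, the copied output can be checked programmatically. The following is an added example, not part of Aqua's or AWS's documentation: it parses the JSON returned by `aws cloudformation describe-stacks`, extracts the AquaCSPMSecHubArn output, and rejects it unless the stack finished successfully and the value is an IAM role ARN in the expected account. The function name, stack name, role name and account ID are assumptions made for illustration.

```python
import json
import re

# IAM role ARN: arn:<partition>:iam::<12-digit account>:role/<path/name>
ROLE_ARN_RE = re.compile(
    r"arn:(aws|aws-us-gov|aws-cn):iam::(\d{12}):role/[\w+=,.@/-]{1,576}")
OUTPUT_KEY = "AquaCSPMSecHubArn"  # output key named in step 5


def role_arn_from_stack(describe_stacks_json, expected_account_id):
    """Return the role ARN from describe-stacks JSON, or raise ValueError."""
    stacks = json.loads(describe_stacks_json).get("Stacks", [])
    if len(stacks) != 1:
        raise ValueError(f"expected exactly one stack, got {len(stacks)}")
    stack = stacks[0]
    # Outputs of a stack that failed or rolled back must not be trusted.
    if stack.get("StackStatus") not in ("CREATE_COMPLETE", "UPDATE_COMPLETE"):
        raise ValueError(f"stack not ready: {stack.get('StackStatus')}")
    values = [o.get("OutputValue", "") for o in stack.get("Outputs", [])
              if o.get("OutputKey") == OUTPUT_KEY]
    if len(values) != 1:
        raise ValueError(f"output {OUTPUT_KEY} not found")
    arn = values[0].strip()
    match = ROLE_ARN_RE.fullmatch(arn)
    if not match:
        raise ValueError(f"not an IAM role ARN: {arn!r}")
    # The role must live in the account you intended to connect.
    if match.group(2) != expected_account_id:
        raise ValueError("role belongs to a different AWS account")
    return arn


# Constructed sample input: stack name, role name and account ID are made up.
SAMPLE = json.dumps({"Stacks": [{
    "StackName": "example-aqua-sechub-stack",
    "StackStatus": "CREATE_COMPLETE",
    "Outputs": [{
        "OutputKey": "AquaCSPMSecHubArn",
        "OutputValue": "arn:aws:iam::111122223333:role/example-aqua-sechub-role",
    }],
}]})

if __name__ == "__main__":
    print(role_arn_from_stack(SAMPLE, "111122223333"))
```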

Customizing the integration

You can customize the alerts that Aqua sends to AWS Security Hub.

  1. On the Integrations page, locate the newly created AWS Security Hub integration and click the three vertical dots at the end.
  2. Click Edit Integration.
  3. Choose Customize Per-Account.
  4. In the desired cloud account, select either Send All Reports or New Risks Only. Alternatively, you can choose not to send any reports by clicking Do Not Send Reports.