Don't have AttackIQ? Learn more
The AttackIQ Platform provides the capability to send notifications for scheduled assessment results to AWS Security Hub. With this facility, you can set a minimum prevention rate for a scheduled assessment. When the prevention percentage falls below this threshold, the AttackIQ Platform will send a notification to your Security Hub Console conveying the assessment results.
This guide will show you how to configure the AWS Security Notification facility for your scheduled assessments.
To configure AWS Security Hub notifications, follow this procedure:
- Open your AttackIQ Platform UI then click on the assessment you want to schedule.
- Click on the Scheduled menu item, then schedule your assessment. The details of how this is done will not be covered in this guide.
- Click on the Notification menu item.
- Click on the Global Config button.
- Click on the AWS Configure button.
- Enter your AWS Account ID
- Enter your AWS Region
- Click on the TEST CONNECTION button to send a test notification.
- Click on the Update button to save the notification configuration fo your scheduled assessment.
- Click on the AWS STATUS switch to enable AWS notifications.
- Click on the AWS toggle switch to enable notifications for your assessment.
- Click on the SET THRESHOLD button.
- Set the desired threshold with the slider control.
- Click on Save button.
To see your Security Hub notifications:
- Open your AWS Management Console
- Click on Security Hub in the Security, Identity, & Compliance section.
- Click on Findings in the menu on the left.
- Click on the empty part of the search box.
- Select Severity label from the menu.
- Enter CRITICAL.
- Click on Apply.
You should get findings that look like the following.
In this example, both a test notification and a scheduled assessment notification are shown.
