Integrate with AWS Security Hub

Integrate StackRox with AWS Security Hub.


If you are using AWS Security Hub, you can forward alerts from the StackRox Kubernetes Security Platform to AWS Security Hub.

This guide explains how to integrate the StackRox Kubernetes Security Platform with AWS Security Hub.

To forward alerts from the StackRox Kubernetes Security Platform to AWS Security Hub:

  1. Enable AWS Security Hub integration.
  2. Use the Access Key ID and Secret Access Key to create a new integration in the StackRox Kubernetes Security Platform. See Configure the StackRox Kubernetes Security Platform.
  3. Identify policies for which you want to send notifications, and update the notification settings for those policies. See Configure policy notifications.

Alerts in AWS Security Hub

Enable AWS Security Hub integration

To enable AWS Security Hub integration for the StackRox Kubernetes Security Platform, you need:

  • a user account with the appropriate permissions to access AWS Security Hub:
    • if you are using an AWS managed policy, use AWSSecurityHubFullAccess.
    • if you are using custom IAM policies, you must include the GetFindings and the BatchImportFindings actions.
  • an Access Key ID and Secret Access Key for that user account.
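
The following is an added example, not part of the StackRox documentation: a small Python audit that checks whether a custom IAM policy document grants the two required actions and reports any Allow pattern that grants more than they need. Both policy documents are constructed samples; the `Sid` and the `"*"` resource are assumptions.

```python
import json
from fnmatch import fnmatchcase

# The two Security Hub actions this page requires in a custom IAM policy.
REQUIRED = ("securityhub:GetFindings", "securityhub:BatchImportFindings")

# Constructed sample: custom policy scoped to the two required actions.
# The Sid and the "*" resource are assumptions, not values from the page.
MINIMAL_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "StackRoxSecurityHubNotifier",
    "Effect": "Allow",
    "Action": ["securityhub:GetFindings", "securityhub:BatchImportFindings"],
    "Resource": "*"
  }]
}""")

# Constructed sample: a wildcard grant, broader than the notifier needs.
BROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "securityhub:*", "Resource": "*"}]
}""")

def _as_list(value):
    # IAM accepts a single string or a list for Statement and Action.
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatchcase(action.lower(), p) for p in patterns)

def audit(policy):
    """Return (missing, excess): required actions that are not granted, and
    Allow patterns that grant more than the required actions.
    NotAction and Condition elements are not evaluated."""
    allowed, denied = [], []
    for stmt in _as_list(policy.get("Statement", [])):
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        (allowed if stmt.get("Effect") == "Allow" else denied).extend(patterns)
    missing = [a for a in REQUIRED
               if not _matches(a, allowed) or _matches(a, denied)]
    needed = {a.lower() for a in REQUIRED}
    excess = sorted(set(allowed) - needed)
    return missing, excess

if __name__ == "__main__":
    for name, doc in (("minimal", MINIMAL_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit(doc))
```

An empty `missing` list means the integration's Test step has the permissions it needs; a non-empty `excess` list means the access key can do more in Security Hub than forwarding alerts requires.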

The Integrations page in the AWS Management Console lists all available product integrations.

  1. Open the AWS Security Hub console at https://console.aws.amazon.com/securityhub/.
  2. In the Security Hub navigation pane, select Integrations.
  3. On the Integrations page, enter stackrox in the Filter integrations box.
  4. Select Accept findings for the StackRox: Kubernetes Security integration.

Configure the StackRox Kubernetes Security Platform

Create a new integration in the StackRox Kubernetes Security Platform by using the Access Key ID and Secret Access Key.

  1. Navigate to Platform Configuration > Integrations.
  2. Under the Plugins section, select AWS Security Hub.
  3. Select New Integration.
  4. Enter a name for Integration Name.
  5. Enter your AWS Account Number.
  6. For AWS Region, select your AWS Security Hub service endpoint region (for example, us-east-1).
  7. Enter your Access Key ID and Secret Access Key.
  8. Leave the Integration Active toggle on (default).
  9. Select Test (checkmark icon) to test that the integration with AWS Security Hub is working.
  10. Select Create (save icon) to create the configuration.

Configure policy notifications

  1. Navigate to Platform Configuration > System policies.
  2. Select the check boxes for one or more policies for which you want to send alerts.
  3. Select Enable Notifications or Actions > Enable Notification (depends upon the StackRox Kubernetes Security Platform version you are using).
  4. In the Enable Notifications dialog, select the check box for the AWS Security Hub notifier (same as the Integration Name). If you haven’t configured any other integrations, you’ll see the message No notifiers configured!.
  5. Select Enable.

  • The StackRox Kubernetes Security Platform sends notifications on an opt-in basis. To receive notifications, you must first assign a notifier to the policy.

  • Notifications are only sent once for a given alert. If you have assigned a notifier to a policy, you won’t receive a notification unless a violation generates a new alert. The StackRox Kubernetes Security Platform creates a new alert when:

    • a policy violation occurs for the first time in a deployment, or
    • a runtime-phase policy violation occurs in a deployment after you resolved the previous runtime alert for that policy in that deployment.


© 2021 StackRox Inc. All rights reserved.