Integrate Prisma Cloud with AWS Security Hub

Learn how to integrate Prisma™ Cloud with AWS Security Hub so that you can view and monitor your security posture on AWS Security Hub.
You can use AWS Security Hub as a central console to view and monitor the security posture of your cloud assets.
Integrate Prisma™ Cloud with AWS Security Hub for centralized visibility into security and compliance risks associated with your cloud assets on the AWS Security Hub console.
As part of the integration, Prisma Cloud monitors your assets on your AWS cloud and sends alerts about resource misconfigurations, compliance violations, network security risks, and anomalous user activities directly to the AWS Security Hub console so that you have a comprehensive view of the cloud assets deployed on your AWS accounts.
  1. Attach an AWS Security Hub read-only policy to your AWS administrator user role to enable this integration on the AWS console.
    1. Log in to the AWS console and select IAM.
    2. Select
      and select the AWS administrator who is creating the integration.
    3. Add permissions
    4. Attach existing policies directly
    5. Select
      and then
      Next: Review
    6. Add Permissions
  2. Sign up for Prisma Cloud on AWS Security Hub.
    1. Log in to the AWS console and select Security Hub.
    2. Select Settings > Integrations and enter Palo Alto Networks as the search term.
    3. Find Palo Alto Networks: Prisma Cloud and Enable Integration.
  3. Set up the AWS Security Hub Integration on Prisma Cloud.
    Set up the AWS Security Hub as an integration channel on Prisma Cloud so that you can view security alerts and compliance status for all your AWS services from the AWS console.
    1. Log in to Prisma Cloud.
    2. Select
    3. Add Integration > AWS Security Hub. A modal wizard opens where you can add the AWS Security Hub integration.
    4. Set the Integration Name to the AWS account to which you assigned AWS Security Hub read-only access.
    5. Enter a
      and select a
      You select regions only if you enabled Prisma Cloud on AWS Security Hub for your cloud account.
    6. Next
      . Review the
      and either
      to make changes or
    7. Save the integration.
      After you set up the integration successfully, you can use the Get Status link in
      to periodically check the integration status.
  4. Modify an existing alert rule or create a new alert rule to specify when to send alert notifications. (See Send Prisma Cloud Alert Notifications to Third-Party Tools.)
  5. View Prisma Cloud alerts on AWS Security Hub.
    1. Log in to the AWS console and select Security Hub.
    2. Click 
       to view the alerts.
    3. Select the
      to view details of the alert description.
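
The check in step 5 can also be done through the Security Hub API, which helps confirm that alerts keep arriving in every region you selected for the integration. The following is an added example, not code from Prisma Cloud or AWS documentation; the `CompanyName` and `ProductName` values, the 24-hour threshold, and the sample findings are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumption: company/product names as Security Hub records them for this integration.
COMPANY, PRODUCT = "Palo Alto Networks", "Prisma Cloud"

def prisma_filters():
    """get_findings filter: active findings sent by the Prisma Cloud integration."""
    def eq(value):
        return [{"Value": value, "Comparison": "EQUALS"}]
    return {"CompanyName": eq(COMPANY), "ProductName": eq(PRODUCT),
            "RecordState": eq("ACTIVE")}

def fetch_findings(region):
    """Live read-only lookup (needs boto3 and securityhub:GetFindings)."""
    import boto3  # imported here so the offline sample below runs without it
    client = boto3.client("securityhub", region_name=region)
    pages = client.get_paginator("get_findings").paginate(Filters=prisma_filters())
    return [f for page in pages for f in page["Findings"]]

def parse_ts(value):
    """ASFF timestamps are ISO 8601 in UTC, e.g. 2024-05-01T10:00:00.000Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def region_health(findings_by_region, now, max_age=timedelta(hours=24)):
    """Per region: severity counts, newest update, and a stale flag."""
    report = {}
    for region, findings in findings_by_region.items():
        newest = max((parse_ts(f["UpdatedAt"]) for f in findings), default=None)
        report[region] = {
            "severities": Counter(f["Severity"]["Label"] for f in findings),
            "newest": newest,
            # No findings, or nothing updated recently: check the integration status.
            "stale": newest is None or now - newest > max_age,
        }
    return report

# Constructed sample findings (ASFF fields only as far as this check needs them).
SAMPLE = {
    "us-east-1": [
        {"UpdatedAt": "2024-05-01T09:30:00.000Z", "Severity": {"Label": "HIGH"}},
        {"UpdatedAt": "2024-05-01T11:45:00Z", "Severity": {"Label": "MEDIUM"}},
    ],
    "eu-west-1": [{"UpdatedAt": "2024-04-20T08:00:00Z", "Severity": {"Label": "HIGH"}}],
    "ap-south-1": [],
}
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for region, info in region_health(SAMPLE, NOW).items():
        print(region, dict(info["severities"]), "STALE" if info["stale"] else "ok")
```

A stale region is a prompt to check the integration status and the alert rule from step 4, since a region with no open alerts also produces no findings.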
