Integrate Prisma Cloud with AWS Security Hub

Learn how to integrate Prisma™ Cloud with AWS Security Hub so that you can view and monitor your security posture on AWS Security Hub.
You can use AWS Security Hub as a central console to view and monitor the security posture of your cloud assets on AWS Security Hub.
Integrate Prisma™ Cloud with AWS Security Hub for centralized visibility into security and compliance risks associated with your cloud assets on the AWS Security Hub console.
As part of the integration, Prisma Cloud monitors your assets on your AWS cloud and sends alerts about resource misconfigurations, compliance violations, network security risks, and anomalous user activities directly to the AWS Security Hub console so that you have a comprehensive view of the cloud assets deployed on your AWS accounts.
  1. Attach an AWS Security Hub read-only policy to your AWS role to enable this integration on the AWS console.
    1. Log in to the AWS console and select IAM.
    2. Select
      and search for the role name which you had used for onboarding your account on Prisma Cloud.
    3. Click on that role name and
      Add permissions
      Attach Policies
    4. Enter
      as the search term.
    5. Select
      and then
      Attach Policies
  2. Sign up for Prisma Cloud on AWS Security Hub.
    1. Log in to the AWS console and select
      Security Hub
    2. Navigate to
      and enter
      Prisma Cloud Enterprise
      as the search term.
    3. Find
      Palo Alto Networks: Prisma Cloud Enterprise
      Accept findings
  3. Set up the AWS Security Hub Integration on Prisma Cloud.
    Set up the AWS Security Hub as an integration channel on Prisma Cloud so that you can view security alerts and compliance status for all your AWS services from the AWS console.
    1. Log in to Prisma Cloud.
    2. Select
    3. Add Integration
      AWS Security Hub
      . A modal wizard opens where you can add the AWS Security Hub integration.
    4. Set the
      Integration Name
       to the AWS account to which you assigned AWS Security Hub read-only access.
    5. Enter a
      and select a
      You select regions only if you enabled Prisma Cloud on AWS Security Hub for your cloud account.
    6. Next
      . Review the
      and either
      to make changes or
    7. Save
      the integration.
      After you set up the integration successfully, you can use the Get Status link in
      to periodically check the integration status.
  4. Modify an existing alert rule or create a new alert rule to specify when to send alert notifications. (See Send Prisma Cloud Alert Notifications to Third-Party Tools.)
    If you have integrated an AWS Organization account with Security Hub on Prisma Cloud, it is considered as a standalone account. This means you will only receive alerts for the master account on Security Hub, not its child accounts. If you want to receive alerts for every child account linked to that master account, you must repeat Steps 1 through 3 and then configure alert rules for each account.
  5. View Prisma Cloud alerts on AWS Security Hub.
    1. Log in to the AWS console and select
      Security Hub
    2. Click
      to view the alerts.
    3. Select the
      to view details the alert description.

Recommended For You