Integrate Prisma Cloud with AWS Security Hub
Learn how to integrate Prisma™ Cloud with AWS Security Hub so that you can view and monitor your security posture on AWS Security Hub.
You can use AWS Security Hub as a central console to view and monitor the security posture of your cloud assets on AWS Security Hub.
Integrate Prisma™ Cloud with AWS Security Hub for centralized visibility into security and compliance risks associated with your cloud assets on the AWS Security Hub console.
As part of the integration, Prisma Cloud monitors your assets on your AWS cloud and sends alerts about resource misconfigurations, compliance violations, network security risks, and anomalous user activities directly to the AWS Security Hub console so that you have a comprehensive view of the cloud assets deployed on your AWS accounts.
- Attach an AWS Security Hub read-only policy to your AWS role to enable this integration on the AWS console.
- Log in to the AWS console and select IAM.
- SelectRolesand search for the role name which you had used for onboarding your account on Prisma Cloud.
- Click on that role name and .
- EnterSecurityHubReadas the search term.
- SelectAWSSecurityHubReadOnlyAccessand thenAttach Policies.
- Sign up for Prisma Cloud on AWS Security Hub.
- Log in to the AWS console and selectSecurity Hub.
- Navigate toIntegrationsand enterPrisma Cloud Enterpriseas the search term.
- FindPalo Alto Networks: Prisma Cloud EnterpriseandAccept findings.
- Set up the AWS Security Hub Integration on Prisma Cloud.Set up the AWS Security Hub as an integration channel on Prisma Cloud so that you can view security alerts and compliance status for all your AWS services from the AWS console.
- Log in to Prisma Cloud.
- Select .
- . A modal wizard opens where you can add the AWS Security Hub integration.
- Set theIntegration Nameto the AWS account to which you assigned AWS Security Hub read-only access.
- Enter aDescriptionand select aRegion.You select regions only if you enabled Prisma Cloud on AWS Security Hub for your cloud account.
- Next. Review theSummaryand eithereditto make changes orTest.
- Savethe integration.After you set up the integration successfully, you can use the Get Status link in to periodically check the integration status.
- Modify an existing alert rule or create a new alert rule to specify when to send alert notifications. (See Send Prisma Cloud Alert Notifications to Third-Party Tools.)If you have integrated an AWS Organization account with Security Hub on Prisma Cloud, it is considered as a standalone account. This means you will only receive alerts for the master account on Security Hub, not its child accounts. If you want to receive alerts for every child account linked to that master account, you must repeat Steps 1 through 3 and then configure alert rules for each account.
- View Prisma Cloud alerts on AWS Security Hub.
- Log in to the AWS console and selectSecurity Hub.
- ClickFindingsto view the alerts.
- Select theTitleto view details the alert description.
