Integrate Prisma Cloud with AWS Security Hub

Integrate Prisma™ Cloud with AWS Security Hub to use the Security Hub console as a central place to view and monitor the security and compliance posture of your cloud assets on AWS.
As part of the integration, Prisma Cloud monitors the assets in your AWS accounts and sends alerts about resource misconfigurations, compliance violations, network security risks, and anomalous user activity to Security Hub as findings, so that the Security Hub console gives you a comprehensive view of the cloud assets deployed across your AWS accounts.
  1. Attach the AWS Security Hub read-only policy to the IAM user who will enable the integration in the AWS console.
    1. Log in to the AWS console and select IAM.
    2. Select Users and select the AWS administrator who is creating the integration.
    3. Select Add permissions.
    4. Select Attach existing policies directly.
    5. Select AWSSecurityHubReadOnlyAccess and then Next: Review.
    6. Select Add Permissions.
  2. Enable the Prisma Cloud integration in AWS Security Hub.
    Security Hub is a regional service, so repeat this step in every AWS region from which you want to receive Prisma Cloud findings.
    1. Log in to the AWS console and select Security Hub.
    2. Select Settings > Integrations and enter Palo Alto Networks as the search term.
    3. Find Palo Alto Networks: Prisma Cloud and select Enable Integration.
  3. Set up AWS Security Hub as an integration on Prisma Cloud.
    Add AWS Security Hub as an integration channel on Prisma Cloud so that you can view security alerts and compliance status for your AWS services from the AWS console.
    1. Log in to Prisma Cloud.
    2. Select Settings > Integrations.
    3. Select +New Integration.
    4. Select AWS Security Hub as the Integration Type.
    5. Set the Integration Name to the AWS account to which you assigned AWS Security Hub read-only access.
    6. Enter a Description and select a Region.
      You can select a region only if you enabled the Prisma Cloud integration in AWS Security Hub for that region of the cloud account (step 2).
    7. Click Next and then Test.
      After the integration is set up, its status on Settings > Integrations turns red if there is a permission exception in any of the enabled regions, and turns green again once the issue is resolved. Two common causes of a permission exception are the Prisma Cloud integration not being enabled in Security Hub for that region, and the IAM role that Prisma Cloud assumes in the account not being allowed to call securityhub:BatchImportFindings, the API that third-party products use to send findings to Security Hub.
  4. Modify an existing alert rule or create a new alert rule to specify when to send alert notifications. (See Send Prisma Cloud Alert Notifications to Third-Party Tools.)
  5. View Prisma Cloud alerts on AWS Security Hub.
    1. Log in to the AWS console and select Security Hub.
    2. Click Findings to view the alerts.
    3. Select the Title of a finding to view the alert details.
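The following Python helper is an added example, not part of this page or of Prisma Cloud's or AWS's own tooling. It supports steps 3 and 5 of the procedure: it builds a Security Hub findings filter that selects only Palo Alto Networks findings, checks which of the regions selected in the Prisma Cloud integration have no Palo Alto Networks product enabled for import (the usual reason the integration status is red), and summarizes a batch of findings by severity and region. The inputs are the JSON shapes returned by `aws securityhub list-enabled-products-for-import` and `aws securityhub get-findings`; the sample data at the bottom is constructed, and the product id segment `prisma-cloud` in the sample ARNs is an assumption, which is why matching is done on the company segment `paloaltonetworks` only.

```python
"""Triage helpers for Prisma Cloud findings in AWS Security Hub.

Added example, not Prisma Cloud or AWS tooling. Inputs are the JSON that the
AWS CLI returns for `aws securityhub list-enabled-products-for-import` and
`aws securityhub get-findings`; the sample data at the bottom is constructed.
"""
from collections import Counter

# Company segment of Security Hub product ARNs for Palo Alto Networks.
# ASSUMPTION: the product id segment ("prisma-cloud" in the sample data) is
# not stated on the page, so matching is done on the company segment only.
PARTNER_COMPANY = "paloaltonetworks"
PARTNER_DISPLAY = "Palo Alto Networks"


def prisma_findings_filter(regions=None):
    """AwsSecurityFindingFilters selecting active, unresolved findings that
    Palo Alto Networks products imported, optionally limited to regions.
    Pass it as --filters to `aws securityhub get-findings` (as JSON) or as
    Filters= to boto3 securityhub.get_findings()."""
    filters = {
        "CompanyName": [{"Value": PARTNER_DISPLAY, "Comparison": "EQUALS"}],
        "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
        "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"}],
    }
    if regions:
        filters["Region"] = [{"Value": r, "Comparison": "EQUALS"} for r in regions]
    return filters


def subscription_company(subscription_arn):
    """Company segment of a product-subscription ARN of the form
    arn:aws:securityhub:<region>:<account>:product-subscription/<company>/<product>,
    or None if the string is not a product-subscription ARN."""
    parts = subscription_arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "securityhub":
        return None
    segs = parts[5].split("/")
    if len(segs) != 3 or segs[0] != "product-subscription":
        return None
    return segs[1]


def missing_subscriptions(enabled_by_region, selected_regions, company=PARTNER_COMPANY):
    """Regions selected in the Prisma Cloud integration where no Palo Alto
    Networks product is enabled for import. enabled_by_region maps a region to
    the ProductSubscriptions list returned by list-enabled-products-for-import
    run against that region. A non-empty result is a likely reason for the
    integration showing red in Prisma Cloud."""
    return [
        region for region in selected_regions
        if not any(subscription_company(a) == company
                   for a in enabled_by_region.get(region, []))
    ]


def summarize_findings(findings, company=PARTNER_COMPANY):
    """Count ASFF findings from the expected company by severity label and by
    region, and list the ids of findings that came from another product."""
    by_severity, by_region, foreign = Counter(), Counter(), []
    for finding in findings:
        product_company = finding.get("ProductArn", "").split("product/")[-1].split("/")[0]
        if product_company != company:
            foreign.append(finding.get("Id"))
            continue
        by_severity[finding.get("Severity", {}).get("Label", "UNKNOWN")] += 1
        # Older findings may carry the region only on the resource.
        resources = finding.get("Resources") or [{}]
        by_region[finding.get("Region") or resources[0].get("Region", "unknown")] += 1
    return {"by_severity": dict(by_severity), "by_region": dict(by_region),
            "foreign": foreign}


# Constructed sample data in the shape the CLI returns (not real output).
SAMPLE_ENABLED = {
    "us-east-1": [
        "arn:aws:securityhub:us-east-1:123456789012:product-subscription/paloaltonetworks/prisma-cloud",
        "arn:aws:securityhub:us-east-1:123456789012:product-subscription/aws/guardduty",
    ],
    "us-west-2": [
        "arn:aws:securityhub:us-west-2:123456789012:product-subscription/paloaltonetworks/prisma-cloud",
    ],
    "eu-west-1": [
        "arn:aws:securityhub:eu-west-1:123456789012:product-subscription/aws/guardduty",
    ],
}
SAMPLE_FINDINGS = [
    {"Id": "f-1", "ProductArn": "arn:aws:securityhub:us-east-1::product/paloaltonetworks/prisma-cloud",
     "Severity": {"Label": "HIGH"}, "Region": "us-east-1"},
    {"Id": "f-2", "ProductArn": "arn:aws:securityhub:us-east-1::product/paloaltonetworks/prisma-cloud",
     "Severity": {"Label": "MEDIUM"}, "Region": "us-east-1"},
    {"Id": "f-3", "ProductArn": "arn:aws:securityhub:us-west-2::product/paloaltonetworks/prisma-cloud",
     "Severity": {"Label": "HIGH"},
     "Resources": [{"Type": "AwsIamUser", "Id": "arn:aws:iam::123456789012:user/example",
                    "Region": "us-west-2"}]},
    {"Id": "f-4", "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/guardduty",
     "Severity": {"Label": "LOW"}, "Region": "us-east-1"},
]

if __name__ == "__main__":
    print("regions missing Prisma Cloud import:",
          missing_subscriptions(SAMPLE_ENABLED, ["us-east-1", "us-west-2", "eu-west-1"]))
    print(summarize_findings(SAMPLE_FINDINGS))
```

To use it against a live account, run `aws securityhub list-enabled-products-for-import --region <region>` for each region selected in step 3 and feed the ProductSubscriptions lists to missing_subscriptions(), and pass the output of prisma_findings_filter() as the --filters argument of `aws securityhub get-findings` to pull only the Prisma Cloud findings that step 5 shows in the console.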
