AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-06-19 · Documentation low

File: securityhub/latest/userguide/automation-rules.md

Summary

Updated documentation to reflect branding changes from 'Security Hub' to 'Security Hub CSPM' (Cloud Security Posture Management) throughout the file, including API references, console references, and product names. Changed 'preview' to 'beta' in console description.

Security assessment

The changes are primarily branding updates and terminology alignment with CSPM product naming. No specific security vulnerabilities or weaknesses are addressed. The modifications clarify product context but don't introduce new security controls or address security flaws.

Diff

diff --git a/securityhub/latest/userguide/automation-rules.md b/securityhub/latest/userguide/automation-rules.md
index 70681f5af..baebfdd79 100644
--- a//securityhub/latest/userguide/automation-rules.md
+++ b//securityhub/latest/userguide/automation-rules.md
@@ -3 +3 @@
-[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html)
+[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html)
@@ -7 +7 @@ Defining rule criteria and rule actionsAvailable rule criteria and rule actionsF
-# Understanding automation rules in Security Hub
+# Understanding automation rules in Security Hub CSPM
@@ -9 +9 @@ Defining rule criteria and rule actionsAvailable rule criteria and rule actionsF
-You can use automation rules to automatically update findings in AWS Security Hub. As it ingests findings, Security Hub can apply a variety of rule actions, such as suppressing findings, changing their severity, and adding notes. Such rule actions modify findings that match your specified criteria.
+You can use automation rules to automatically update findings in AWS Security Hub Cloud Security Posture Management (CSPM). As it ingests findings, Security Hub CSPM can apply a variety of rule actions, such as suppressing findings, changing their severity, and adding notes. Such rule actions modify findings that match your specified criteria.
@@ -22 +22 @@ Examples of use cases for automation rules include the following:
-You can create and manage automation rules from a Security Hub administrator account only.
+You can create and manage automation rules from a Security Hub CSPM administrator account only.
@@ -24 +24 @@ You can create and manage automation rules from a Security Hub administrator acc
-Rules apply to both new findings and updated findings. You can create a custom rule from scratch, or use a rule template provided by Security Hub. You can also start with a template and modify it as needed.
+Rules apply to both new findings and updated findings. You can create a custom rule from scratch, or use a rule template provided by Security Hub CSPM. You can also start with a template and modify it as needed.
@@ -28 +28 @@ Rules apply to both new findings and updated findings. You can create a custom r
-From a Security Hub administrator account, you can create an automation rule by defining one or more rule _criteria_ and one or more rule _actions_. When a finding matches the defined criteria, Security Hub applies the rule actions to it. For more information about available criteria and actions, see Available rule criteria and rule actions.
+From a Security Hub CSPM administrator account, you can create an automation rule by defining one or more rule _criteria_ and one or more rule _actions_. When a finding matches the defined criteria, Security Hub CSPM applies the rule actions to it. For more information about available criteria and actions, see Available rule criteria and rule actions.
@@ -30 +30 @@ From a Security Hub administrator account, you can create an automation rule by
-Security Hub currently supports a maximum of 100 automation rules for each administrator account.
+Security Hub CSPM currently supports a maximum of 100 automation rules for each administrator account.
@@ -32 +32 @@ Security Hub currently supports a maximum of 100 automation rules for each admin
-The Security Hub administrator account can also edit, view, and delete automation rules. A rule applies to matching findings in the administrator account and all of its member accounts. By providing member account IDs as rule criteria, Security Hub administrators can also use automation rules to update or suppress findings in specific member accounts.
+The Security Hub CSPM administrator account can also edit, view, and delete automation rules. A rule applies to matching findings in the administrator account and all of its member accounts. By providing member account IDs as rule criteria, Security Hub CSPM administrators can also use automation rules to update or suppress findings in specific member accounts.
@@ -34 +34 @@ The Security Hub administrator account can also edit, view, and delete automatio
-An automation rule applies only in the AWS Region in which it's created. To apply a rule in multiple Regions, the administrator must create the rule in each Region. This can be done through the Security Hub console, Security Hub API, or [AWS CloudFormation](./creating-resources-with-cloudformation.html).You can also use a [multi-Region deployment script](https://github.com/awslabs/aws-securityhub-multiaccount-scripts/blob/master/automation_rules).
+An automation rule applies only in the AWS Region in which it's created. To apply a rule in multiple Regions, the administrator must create the rule in each Region. This can be done through the Security Hub CSPM console, Security Hub CSPM API, or [AWS CloudFormation](./creating-resources-with-cloudformation.html).You can also use a [multi-Region deployment script](https://github.com/awslabs/aws-securityhub-multiaccount-scripts/blob/master/automation_rules).
@@ -81 +81 @@ Rule criterion | Filter operators | Field type
-For criteria that are labeled as string fields, using different filter operators on the same field affects the evaluation logic. For more information, see [StringFilter](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_StringFilter.html) in the _AWS Security Hub API Reference_.
+For criteria that are labeled as string fields, using different filter operators on the same field affects the evaluation logic. For more information, see [StringFilter](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_StringFilter.html) in the _AWS Security Hub Cloud Security Posture Management (CSPM) API Reference_.
@@ -83 +83 @@ For criteria that are labeled as string fields, using different filter operators
-Each criterion supports a maximum number of values that can be used to filter matching findings. For the limits on each criterion, see [AutomationRulesFindingFilters](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AutomationRulesFindingFilters.html) in the _AWS Security Hub API Reference_.
+Each criterion supports a maximum number of values that can be used to filter matching findings. For the limits on each criterion, see [AutomationRulesFindingFilters](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AutomationRulesFindingFilters.html) in the _AWS Security Hub Cloud Security Posture Management (CSPM) API Reference_.
@@ -112 +112 @@ For more information about specific ASFF fields, see [AWS Security Finding Forma
-If you want Security Hub to stop generating findings for a specific control, we recommend disabling the control instead of using an automation rule. When you disable a control, Security Hub stops running security checks on it and stops generating findings for it, so you won't incur charges for that control. We recommend using automation rules to change the values of specific ASFF fields for findings that match defined criteria. For more information about disabling controls, see [Disabling controls in Security Hub](./disable-controls-overview.html).
+If you want Security Hub CSPM to stop generating findings for a specific control, we recommend disabling the control instead of using an automation rule. When you disable a control, Security Hub CSPM stops running security checks on it and stops generating findings for it, so you won't incur charges for that control. We recommend using automation rules to change the values of specific ASFF fields for findings that match defined criteria. For more information about disabling controls, see [Disabling controls in Security Hub CSPM](./disable-controls-overview.html).
@@ -116 +116 @@ If you want Security Hub to stop generating findings for a specific control, we
-An automation rule evaluates new and updated findings that Security Hub generates or ingests through the [BatchImportFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) operation _after_ you create the rule. Security Hub updates control findings every 12-24 hours or when the associated resource changes state. For more information, see [Schedule for running security checks](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-schedule.html).
+An automation rule evaluates new and updated findings that Security Hub CSPM generates or ingests through the [BatchImportFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) operation _after_ you create the rule. Security Hub CSPM updates control findings every 12-24 hours or when the associated resource changes state. For more information, see [Schedule for running security checks](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-schedule.html).
@@ -118 +118 @@ An automation rule evaluates new and updated findings that Security Hub generate
-Automation rules evaluate original, provider-supplied findings. Providers can supply new findings and update existing findings through the `BatchImportFindings` operation of the Security Hub API. Rules aren't triggered when you update finding fields after rule creation through the [BatchUpdateFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation. If you create an automation rule and make a `BatchUpdateFindings` update that both affect the same finding field, the last update sets the value for that field. Take the following example:
+Automation rules evaluate original, provider-supplied findings. Providers can supply new findings and update existing findings through the `BatchImportFindings` operation of the Security Hub CSPM API. Rules aren't triggered when you update finding fields after rule creation through the [BatchUpdateFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation. If you create an automation rule and make a `BatchUpdateFindings` update that both affect the same finding field, the last update sets the value for that field. Take the following example:
@@ -133 +133 @@ Automation rules evaluate original, provider-supplied findings. Providers can su
-When you create or edit a rule on the Security Hub console, the console displays a preview of findings that match the rule criteria. Whereas automation rules evaluate original findings sent by the finding provider, the console preview reflects findings in their final state as they would be shown in a response to the [GetFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) API operation (that is, after rule actions or other updates are applied to the finding).
+When you create or edit a rule on the Security Hub CSPM console, the console displays a beta of findings that match the rule criteria. Whereas automation rules evaluate original findings sent by the finding provider, the console beta reflects findings in their final state as they would be shown in a response to the [GetFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) API operation (that is, after rule actions or other updates are applied to the finding).
@@ -137 +137 @@ When you create or edit a rule on the Security Hub console, the console displays
-When creating automation rules, you assign each rule an order. This determines the order in which Security Hub applies your automation rules, and becomes important when multiple rules relate to the same finding or finding field.
+When creating automation rules, you assign each rule an order. This determines the order in which Security Hub CSPM applies your automation rules, and becomes important when multiple rules relate to the same finding or finding field.
@@ -141 +141 @@ When multiple rule actions relate to the same finding or finding field, the rule
-When you create a rule in the Security Hub console, Security Hub automatically assigns rule order based on the order of rule creation. The most recently created rule has the lowest numerical value for rule order and therefore applies first. Security Hub applies subsequent rules in ascending order.
+When you create a rule in the Security Hub CSPM console, Security Hub CSPM automatically assigns rule order based on the order of rule creation. The most recently created rule has the lowest numerical value for rule order and therefore applies first. Security Hub CSPM applies subsequent rules in ascending order.
@@ -143 +143 @@ When you create a rule in the Security Hub console, Security Hub automatically a
-When you create a rule through the Security Hub API or AWS CLI, Security Hub applies the rule with the lowest numerical value for `RuleOrder` first. It then applies subsequent rules in ascending order. If multiple findings have the same `RuleOrder`, Security Hub applies a rule with an earlier value for the `UpdatedAt` field first (that is, the rule which was most recently edited applies last).
+When you create a rule through the Security Hub CSPM API or AWS CLI, Security Hub CSPM applies the rule with the lowest numerical value for `RuleOrder` first. It then applies subsequent rules in ascending order. If multiple findings have the same `RuleOrder`, Security Hub CSPM applies a rule with an earlier value for the `UpdatedAt` field first (that is, the rule which was most recently edited applies last).
@@ -153 +153 @@ You can modify rule order at any time.
-    * `ProductName` = `Security Hub`
+    * `ProductName` = `Security Hub CSPM`
@@ -185 +185 @@ You can modify rule order at any time.
-Rule A actions apply first to Security Hub findings that match Rule A criteria. Next, Rule B actions apply to Security Hub findings with the specified account ID. In this example, since Rule B applies last, the end value of `Severity` in findings from the specified account ID is `INFORMATIONAL`. Based on the Rule A action, the end value of `Confidence` in matched findings is `95`.
+Rule A actions apply first to Security Hub CSPM findings that match Rule A criteria. Next, Rule B actions apply to Security Hub CSPM findings with the specified account ID. In this example, since Rule B applies last, the end value of `Severity` in findings from the specified account ID is `INFORMATIONAL`. Based on the Rule A action, the end value of `Confidence` in matched findings is `95`.
@@ -193 +193 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Automations
+CSPM automations