AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-12-10 · Documentation low

File: securityhub/latest/partnerguide/integration-faq.md

Summary

Updated all references from 'AWS Security Hub' to 'AWS Security Hub CSPM' throughout the FAQ document, including titles, questions, answers, and links. Added CSPM terminology consistently.

Security assessment

The changes involve rebranding 'Security Hub' to 'Security Hub CSPM' without introducing new security concepts, vulnerabilities, or features. CSPM (Cloud Security Posture Management) is a category label and doesn't indicate a security incident response. No evidence of vulnerability fixes, threat mitigations, or incident-related updates exists in the diff.

Diff

diff --git a/securityhub/latest/partnerguide/integration-faq.md b/securityhub/latest/partnerguide/integration-faq.md
index bd490266f..e676be03d 100644
--- a//securityhub/latest/partnerguide/integration-faq.md
+++ b//securityhub/latest/partnerguide/integration-faq.md
@@ -5 +5 @@
-# AWS Security Hub partner FAQ
+# AWS Security Hub CSPM partner FAQ
@@ -7 +7 @@
-The following are common questions about setting up and maintaining an integration with AWS Security Hub.
+The following are common questions about setting up and maintaining an integration with AWS Security Hub CSPM.
@@ -9 +9 @@ The following are common questions about setting up and maintaining an integrati
-  1. **What are the benefits of Security Hub integration?**
+  1. **What are the benefits of Security Hub CSPM integration?**
@@ -11 +11 @@ The following are common questions about setting up and maintaining an integrati
-     * **Customer satisfaction** – The number one reason to integrate with Security Hub is because you have customer requests to do so.
+     * **Customer satisfaction** – The number one reason to integrate with Security Hub CSPM is because you have customer requests to do so.
@@ -13 +13 @@ The following are common questions about setting up and maintaining an integrati
-Security Hub is the security and compliance center for AWS customers. It is designed as the first stop where AWS security and compliance professionals go each day to understand their security and compliance state.
+Security Hub CSPM is the security and compliance center for AWS customers. It is designed as the first stop where AWS security and compliance professionals go each day to understand their security and compliance state.
@@ -17 +17 @@ Listen to your customers. They will tell you if they want to see your findings i
-     * **Discovery opportunities** – We promote partners with certified integrations inside the Security Hub console, including links to their AWS Marketplace listings. This is a great way for customers to discover new security products. 
+     * **Discovery opportunities** – We promote partners with certified integrations inside the Security Hub CSPM console, including links to their AWS Marketplace listings. This is a great way for customers to discover new security products. 
@@ -23 +23 @@ Listen to your customers. They will tell you if they want to see your findings i
-     * Partners that send findings to Security Hub
+     * Partners that send findings to Security Hub CSPM
@@ -25 +25 @@ Listen to your customers. They will tell you if they want to see your findings i
-     * Partner that receive findings from Security Hub
+     * Partner that receive findings from Security Hub CSPM
@@ -29 +29 @@ Listen to your customers. They will tell you if they want to see your findings i
-     * Consulting partners that help customers to set up, customize, and use Security Hub in their environment
+     * Consulting partners that help customers to set up, customize, and use Security Hub CSPM in their environment
@@ -31 +31 @@ Listen to your customers. They will tell you if they want to see your findings i
-  3. **How does a partner integration with Security Hub work at a high level?**
+  3. **How does a partner integration with Security Hub CSPM work at a high level?**
@@ -33 +33 @@ Listen to your customers. They will tell you if they want to see your findings i
-You gather findings from within a customer account or from your own AWS account and transform the format of the findings to the AWS Security Finding Format (ASFF). You then push those findings to the appropriate Security Hub regional endpoint.
+You gather findings from within a customer account or from your own AWS account and transform the format of the findings to the AWS Security Finding Format (ASFF). You then push those findings to the appropriate Security Hub CSPM regional endpoint.
@@ -35 +35 @@ You gather findings from within a customer account or from your own AWS account
-You can also use CloudWatch Events to receive findings from Security Hub.
+You can also use CloudWatch Events to receive findings from Security Hub CSPM.
@@ -37 +37 @@ You can also use CloudWatch Events to receive findings from Security Hub.
-  4. **What are the basic steps for completing an integration with Security Hub?**
+  4. **What are the basic steps for completing an integration with Security Hub CSPM?**
@@ -41 +41 @@ You can also use CloudWatch Events to receive findings from Security Hub.
-    2. Receive product ARNs to use with Security Hub, if you will be sending findings to Security Hub.
+    2. Receive product ARNs to use with Security Hub CSPM, if you will be sending findings to Security Hub.
@@ -45 +45 @@ You can also use CloudWatch Events to receive findings from Security Hub.
-    4. Define your architecture for sending findings to and receiving findings from Security Hub. Follow the tenets outlined in [Tenets for creating and updating findings](./tenets-update-create-findings.html).
+    4. Define your architecture for sending findings to and receiving findings from Security Hub CSPM. Follow the tenets outlined in [Tenets for creating and updating findings](./tenets-update-create-findings.html).
@@ -53 +53 @@ You can also use CloudWatch Events to receive findings from Security Hub.
-    8. Demonstrate your integration to the Security Hub team.
+    8. Demonstrate your integration to the Security Hub CSPM team.
@@ -57 +57 @@ You can also use CloudWatch Events to receive findings from Security Hub.
-  5. **What is the process for submitting the partner manifest? And for AWS services to send findings to Security Hub?**
+  5. **What is the process for submitting the partner manifest? And for AWS services to send findings to Security Hub CSPM?**
@@ -59 +59 @@ You can also use CloudWatch Events to receive findings from Security Hub.
-To submit the manifest information to the Security Hub team, use `<[[email protected]](mailto:[email protected])>`.
+To submit the manifest information to the Security Hub CSPM team, use `<[[email protected]](mailto:[email protected])>`.
@@ -63 +63 @@ You are issued product ARNs within seven calendar days.
-  6. **What types of findings should I send to Security Hub?**
+  6. **What types of findings should I send to Security Hub CSPM?**
@@ -65 +65 @@ You are issued product ARNs within seven calendar days.
-Security Hub pricing is partly based on the number of findings ingested. Because of this, you should refrain from sending findings that do not provide value to customers.
+Security Hub CSPM pricing is partly based on the number of findings ingested. Because of this, you should refrain from sending findings that do not provide value to customers.
@@ -69 +69 @@ For example, some vulnerability management vendors only send findings with a Com
-  7. **What are the different approaches for me to send findings to Security Hub?**
+  7. **What are the different approaches for me to send findings to Security Hub CSPM?**
@@ -79 +79 @@ For overall guidelines on using [`BatchImportFindings`](https://docs.aws.amazon.
-  8. **How do I gather my findings and push them to a Security Hub Regional endpoint?**
+  8. **How do I gather my findings and push them to a Security Hub CSPM Regional endpoint?**
@@ -83 +83 @@ Partners have used different approaches for this, as it is highly dependent on t
-For example, some partners build a Python app that can be deployed as an CloudFormation script. The script gathers the partner's findings from the customer environment, transforms them into ASFF, and sends them to the Security Hub Regional endpoint.
+For example, some partners build a Python app that can be deployed as an CloudFormation script. The script gathers the partner's findings from the customer environment, transforms them into ASFF, and sends them to the Security Hub CSPM Regional endpoint.
@@ -85 +85 @@ For example, some partners build a Python app that can be deployed as an CloudFo
-Other partners build a full wizard that gives the customer a single-click experience to push findings to Security Hub.
+Other partners build a full wizard that gives the customer a single-click experience to push findings to Security Hub CSPM.
@@ -87 +87 @@ Other partners build a full wizard that gives the customer a single-click experi
-  9. **How do I know when to start sending findings to Security Hub?**
+  9. **How do I know when to start sending findings to Security Hub CSPM?**
@@ -89 +89 @@ Other partners build a full wizard that gives the customer a single-click experi
-Security Hub supports partial batch authorization for the [`BatchImportFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) API operation, so that you can send all of your findings to Security Hub for all of your customers.
+Security Hub CSPM supports partial batch authorization for the [`BatchImportFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) API operation, so that you can send all of your findings to Security Hub CSPM for all of your customers.
@@ -91 +91 @@ Security Hub supports partial batch authorization for the [`BatchImportFindings`
-If some of your customers have not yet subscribed to Security Hub, Security Hub does not ingest those findings. It only ingests authorized findings that are in the batch.
+If some of your customers have not yet subscribed to Security Hub CSPM, Security Hub CSPM does not ingest those findings. It only ingests authorized findings that are in the batch.
@@ -93 +93 @@ If some of your customers have not yet subscribed to Security Hub, Security Hub
-  10. **What steps do I need to complete to send findings to a customer's Security Hub instance?**
+  10. **What steps do I need to complete to send findings to a customer's Security Hub CSPM instance?**
@@ -142 +142 @@ The product subscription creates a resource policy that authorizes the findings
-Security Hub has the following types of resource policies for partners:
+Security Hub CSPM has the following types of resource policies for partners:
@@ -150 +150 @@ During the partner onboarding process, you can request either one or both types
-With `BATCH_IMPORT_FINDINGS_FROM_PRODUCT_ACCOUNT`, you can only send findings to Security Hub from the account listed in your product ARN.
+With `BATCH_IMPORT_FINDINGS_FROM_PRODUCT_ACCOUNT`, you can only send findings to Security Hub CSPM from the account listed in your product ARN.
@@ -162 +162 @@ The customer must put a product subscription in place for each account. They can
-Your product ARN is your unique identifier that Security Hub generates for you and that you use to submit findings. You receive a product ARN for each product that you integrate with Security Hub. The correct product ARN must be part of every finding that you send to Security Hub. Findings without the product ARN are dropped. The product ARN uses the following format:
+Your product ARN is your unique identifier that Security Hub CSPM generates for you and that you use to submit findings. You receive a product ARN for each product that you integrate with Security Hub CSPM. The correct product ARN must be part of every finding that you send to Security Hub CSPM. Findings without the product ARN are dropped. The product ARN uses the following format:
@@ -170 +170 @@ Here is an example:
-You are given a product ARN for each Region where Security Hub is deployed. The account ID, company, and product names are dictated by your partner manifest submissions. You never change any of the information that is associated with your product ARN, except for the Region code. The Region code must match the Region that you submit findings for.
+You are given a product ARN for each Region where Security Hub CSPM is deployed. The account ID, company, and product names are dictated by your partner manifest submissions. You never change any of the information that is associated with your product ARN, except for the Region code. The Region code must match the Region that you submit findings for.
@@ -174 +174 @@ A common mistake is to change the account ID to match the account where you are
-When Security Hub launches in new Regions, it automatically uses the standard Region codes to generate your product ARNs for those Regions.
+When Security Hub CSPM launches in new Regions, it automatically uses the standard Region codes to generate your product ARNs for those Regions.
@@ -178 +178 @@ Every account is also automatically provisioned with a private product ARN. You
-  15. **What format should be used to send findings to Security Hub?**
+  15. **What format should be used to send findings to Security Hub CSPM?**
@@ -180 +180 @@ Every account is also automatically provisioned with a private product ARN. You
-Findings must be provided in the AWS Security Finding Format (ASFF). For details, see [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) in the _AWS Security Hub User Guide_.
+Findings must be provided in the AWS Security Finding Format (ASFF). For details, see [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) in the _AWS Security Hub CSPM User Guide_.
@@ -186 +186 @@ The expectation is that all of the information in your native findings is fully
-You must send findings to the Security Hub Regional endpoint that is associated with the customer account.
+You must send findings to the Security Hub CSPM Regional endpoint that is associated with the customer account.
@@ -190 +190 @@ You must send findings to the Security Hub Regional endpoint that is associated
-See the [Security Hub endpoints list](https://docs.aws.amazon.com/general/latest/gr/sechub.html).
+See the [Security Hub CSPM endpoints list](https://docs.aws.amazon.com/general/latest/gr/sechub.html).
@@ -194 +194 @@ See the [Security Hub endpoints list](https://docs.aws.amazon.com/general/latest
-Security Hub does not yet support cross-Region submission of findings for the native AWS services, such as Amazon GuardDuty, Amazon Macie, and Amazon Inspector. If your customer allows it, Security Hub does not prevent you from submitting findings from different Regions.
+Security Hub CSPM does not yet support cross-Region submission of findings for the native AWS services, such as Amazon GuardDuty, Amazon Macie, and Amazon Inspector. If your customer allows it, Security Hub CSPM does not prevent you from submitting findings from different Regions.
@@ -202 +202 @@ You can batch up to 100 findings or 240 KB in a single call of [`BatchImportFind
-You can batch a set of findings from different accounts. However, if any of the accounts in the batch are not subscribed to Security Hub, the entire batch fails. This is a limitation of the API Gateway baseline authorization model.
+You can batch a set of findings from different accounts. However, if any of the accounts in the batch are not subscribed to Security Hub CSPM, the entire batch fails. This is a limitation of the API Gateway baseline authorization model.
@@ -218 +218 @@ Yes, if the customer grants you access to the [`BatchUpdateFindings`](https://do
-Security Hub ages out findings 90 days after the last update date. After this time, the aged-out findings are purged from the Security Hub OpenSearch cluster.
+Security Hub CSPM ages out findings 90 days after the last update date. After this time, the aged-out findings are purged from the Security Hub CSPM OpenSearch cluster.
@@ -220 +220 @@ Security Hub ages out findings 90 days after the last update date. After this ti
-If you update a finding with the same finding ID, and it has been aged off, a new finding is created in Security Hub.
+If you update a finding with the same finding ID, and it has been aged off, a new finding is created in Security Hub CSPM.
@@ -222 +222 @@ If you update a finding with the same finding ID, and it has been aged off, a ne
-Customers can use CloudWatch Events to move findings out of Security Hub. Doing so enables all findings to be sent to targets of the customer's choice.
+Customers can use CloudWatch Events to move findings out of Security Hub CSPM. Doing so enables all findings to be sent to targets of the customer's choice.
@@ -224 +224 @@ Customers can use CloudWatch Events to move findings out of Security Hub. Doing
-In general, Security Hub recommends that you create new findings every 90 days and do not update findings forever.
+In general, Security Hub CSPM recommends that you create new findings every 90 days and do not update findings forever.
@@ -226 +226 @@ In general, Security Hub recommends that you create new findings every 90 days a
-  23. **What throttles does Security Hub put in place?**
+  23. **What throttles does Security Hub CSPM put in place?**
@@ -228 +228 @@ In general, Security Hub recommends that you create new findings every 90 days a
-Security Hub throttles `GetFindings` API calls, as the recommended approach to access findings is using CloudWatch Events.
+Security Hub CSPM throttles `GetFindings` API calls, as the recommended approach to access findings is using CloudWatch Events.
@@ -230 +230 @@ Security Hub throttles `GetFindings` API calls, as the recommended approach to a
-Security Hub does not implement any other throttling on internal services, partners, or customers beyond that enforced by API Gateway and Lambda invocations.
+Security Hub CSPM does not implement any other throttling on internal services, partners, or customers beyond that enforced by API Gateway and Lambda invocations.
@@ -232 +232 @@ Security Hub does not implement any other throttling on internal services, partn
-  24. **What is the timeliness or latency SLAs or expectations for findings that are sent to Security Hub from source services?**
+  24. **What is the timeliness or latency SLAs or expectations for findings that are sent to Security Hub CSPM from source services?**
@@ -234 +234 @@ Security Hub does not implement any other throttling on internal services, partn
-The aim is to be as near-real time as possible for both initial findings and updates to findings. You should send findings to Security Hub within five minutes after they are created.
+The aim is to be as near-real time as possible for both initial findings and updates to findings. You should send findings to Security Hub CSPM within five minutes after they are created.
@@ -236 +236 @@ The aim is to be as near-real time as possible for both initial findings and upd
-  25. **How can I receive findings from Security Hub?**
+  25. **How can I receive findings from Security Hub CSPM?**
@@ -242 +242 @@ To receive findings, use one of the following methods.
-     * Use CloudWatch Events for custom actions. Security Hub allows customers to select specific findings or groups of findings from within the console and take action on them. For example, they can send findings to a SIEM, ticketing system, chat platform, or remediation workflow. This would be part of an alert triage workflow that a customer performs within Security Hub. These are called custom actions.
+     * Use CloudWatch Events for custom actions. Security Hub CSPM allows customers to select specific findings or groups of findings from within the console and take action on them. For example, they can send findings to a SIEM, ticketing system, chat platform, or remediation workflow. This would be part of an alert triage workflow that a customer performs within Security Hub CSPM. These are called custom actions.
@@ -246 +246 @@ When a user selects a custom action, a CloudWatch event is created for those spe
-You can use the custom action API operations, such as `CreateActionTarget`, to automatically create available actions for your product (such as using CloudFormation templates). You would also use CloudWatch Events rule API operations to create corresponding CloudWatch Events rules that are associated with the custom action. Using CloudFormation templates, you can also create CloudWatch Events rules to automatically ingest from Security Hub all findings or all findings with certain characteristics.
+You can use the custom action API operations, such as `CreateActionTarget`, to automatically create available actions for your product (such as using CloudFormation templates). You would also use CloudWatch Events rule API operations to create corresponding CloudWatch Events rules that are associated with the custom action. Using CloudFormation templates, you can also create CloudWatch Events rules to automatically ingest from Security Hub CSPM all findings or all findings with certain characteristics.
@@ -248 +248 @@ You can use the custom action API operations, such as `CreateActionTarget`, to a
-  26. **What are the requirements for a managed security service provider (MSSP) to become a Security Hub partner?**
+  26. **What are the requirements for a managed security service provider (MSSP) to become a Security Hub CSPM partner?**
@@ -250 +250 @@ You can use the custom action API operations, such as `CreateActionTarget`, to a
-You must demonstrate how Security Hub is used as part of your service delivery to customers. 
+You must demonstrate how Security Hub CSPM is used as part of your service delivery to customers. 
@@ -252 +252 @@ You must demonstrate how Security Hub is used as part of your service delivery t
-You should have user documentation that explains your use of Security Hub.
+You should have user documentation that explains your use of Security Hub CSPM.
@@ -254 +254 @@ You should have user documentation that explains your use of Security Hub.
-If the MSSP is a finding provider, they must demonstrate sending findings to Security Hub.
+If the MSSP is a finding provider, they must demonstrate sending findings to Security Hub CSPM.
@@ -256 +256 @@ If the MSSP is a finding provider, they must demonstrate sending findings to Sec
-If the MSSP only receives findings from Security Hub, they must at a minimum have an CloudFormation template to set up the appropriate CloudWatch Events rules.
+If the MSSP only receives findings from Security Hub CSPM, they must at a minimum have an CloudFormation template to set up the appropriate CloudWatch Events rules.
@@ -258 +258 @@ If the MSSP only receives findings from Security Hub, they must at a minimum hav
-  27. **What are the requirements for a non-MSSP APN Consulting Partner to become a Security Hub partner?**
+  27. **What are the requirements for a non-MSSP APN Consulting Partner to become a Security Hub CSPM partner?**
@@ -260 +260 @@ If the MSSP only receives findings from Security Hub, they must at a minimum hav
-If you are am APN Consulting Partner, you can become a Security Hub partner. You should submit two private case studies on how you helped a specific customer do the following.
+If you are am APN Consulting Partner, you can become a Security Hub CSPM partner. You should submit two private case studies on how you helped a specific customer do the following.
@@ -262 +262 @@ If you are am APN Consulting Partner, you can become a Security Hub partner. You
-     * Set up Security Hub with IAM permissions that the customer needs.
+     * Set up Security Hub CSPM with IAM permissions that the customer needs.
@@ -264 +264 @@ If you are am APN Consulting Partner, you can become a Security Hub partner. You
-     * Help to connect already integrated independent software vendor (ISV) solutions to Security Hub using the configuration instructions on the partner page in the console.
+     * Help to connect already integrated independent software vendor (ISV) solutions to Security Hub CSPM using the configuration instructions on the partner page in the console.
@@ -274 +274 @@ If you are am APN Consulting Partner, you can become a Security Hub partner. You
-     * Build Quickstarts that align to the Security Hub compliance standards. These must be validated by the Security Hub team.
+     * Build Quickstarts that align to the Security Hub CSPM compliance standards. These must be validated by the Security Hub CSPM team.
@@ -278 +278 @@ Case studies do not need to be publicly shareable.
-  28. **What are the requirements around how I deploy my integration with Security Hub with my customers?**
+  28. **What are the requirements around how I deploy my integration with Security Hub CSPM with my customers?**
@@ -280 +280 @@ Case studies do not need to be publicly shareable.
-Integration architectures between Security Hub and partner products vary from partner to partner in terms of how that partner's solution is operated. You should ensure that the setup process for the integration takes no longer than 15 minutes.
+Integration architectures between Security Hub CSPM and partner products vary from partner to partner in terms of how that partner's solution is operated. You should ensure that the setup process for the integration takes no longer than 15 minutes.
@@ -286 +286 @@ If you are deploying integration software into the customer's AWS environment, y
-You must provide a link to documentation that describes the integration and setup process between your product and Security Hub, including your use of CloudFormation templates.
+You must provide a link to documentation that describes the integration and setup process between your product and Security Hub CSPM, including your use of CloudFormation templates.
@@ -292 +292 @@ Consider including other potential information:
-     * Your use case for integration with Security Hub
+     * Your use case for integration with Security Hub CSPM
@@ -308 +308 @@ You are encouraged to define custom insights for your findings. Insights are lig