AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-12-10 · Documentation low

File: securityhub/latest/partnerguide/integration-use-cases.md

Summary

Updated all references from 'Security Hub' to 'Security Hub CSPM' throughout the document, including product name and user guide references.

Security assessment

The changes are purely branding/naming updates replacing 'Security Hub' with 'Security Hub CSPM'. No security mechanisms, permissions, or vulnerability-related content was modified. The IAM policy examples and integration workflows remain unchanged.

Diff

diff --git a/securityhub/latest/partnerguide/integration-use-cases.md b/securityhub/latest/partnerguide/integration-use-cases.md
index 2000085e9..75b7d350f 100644
--- a//securityhub/latest/partnerguide/integration-use-cases.md
+++ b//securityhub/latest/partnerguide/integration-use-cases.md
@@ -9 +9 @@ Partner hosted: findings sent from partner accountPartner hosted: findings sent
-AWS Security Hub allows AWS customers to receive findings from APN Partners. The partner's products might run either inside or outside of the customer's AWS account. The permission configuration in the customer's account differs based on the model that the partner product uses.
+AWS Security Hub CSPM allows AWS customers to receive findings from APN Partners. The partner's products might run either inside or outside of the customer's AWS account. The permission configuration in the customer's account differs based on the model that the partner product uses.
@@ -11 +11 @@ AWS Security Hub allows AWS customers to receive findings from APN Partners. The
-In Security Hub, the customer always controls which partners can send findings to the customer's account. Customers can revoke permissions from a partner at any time.
+In Security Hub CSPM, the customer always controls which partners can send findings to the customer's account. Customers can revoke permissions from a partner at any time.
@@ -13 +13 @@ In Security Hub, the customer always controls which partners can send findings t
-To enable a partner to send security findings to their account, the customer first subscribes to the partner product in Security Hub. The subscription step is necessary for all of the use cases that are outlined below. For details on how customers manage product integrations, see [Managing product integrations](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html) in the _AWS Security Hub User Guide_.
+To enable a partner to send security findings to their account, the customer first subscribes to the partner product in Security Hub CSPM. The subscription step is necessary for all of the use cases that are outlined below. For details on how customers manage product integrations, see [Managing product integrations](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html) in the _AWS Security Hub CSPM User Guide_.
@@ -15 +15 @@ To enable a partner to send security findings to their account, the customer fir
-After a customer subscribes to a partner product, Security Hub automatically creates a managed resource policy. The policy grants the partner product permission to use the [`BatchImportFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) API operation to send findings to Security Hub for the customer’s account.
+After a customer subscribes to a partner product, Security Hub CSPM automatically creates a managed resource policy. The policy grants the partner product permission to use the [`BatchImportFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) API operation to send findings to Security Hub CSPM for the customer’s account.
@@ -17 +17 @@ After a customer subscribes to a partner product, Security Hub automatically cre
-Here are the common cases for partner products that integrate with Security Hub. The information includes the additional permissions required for each use case.
+Here are the common cases for partner products that integrate with Security Hub CSPM. The information includes the additional permissions required for each use case.
@@ -27 +27 @@ In the partner account, the IAM principal that calls the [`BatchImportFindings`]
-Enabling a partner product to send findings to the customer in Security Hub is a two-step process:
+Enabling a partner product to send findings to the customer in Security Hub CSPM is a two-step process:
@@ -29 +29 @@ Enabling a partner product to send findings to the customer in Security Hub is a
-  1. The customer creates a subscription to a partner product in Security Hub.
+  1. The customer creates a subscription to a partner product in Security Hub CSPM.
@@ -31 +31 @@ Enabling a partner product to send findings to the customer in Security Hub is a
-  2. Security Hub generates the correct managed resource policy with the customer's confirmation.
+  2. Security Hub CSPM generates the correct managed resource policy with the customer's confirmation.
@@ -38 +38 @@ To send security findings related to the customer’s account, the partner produ
-Here is an example of an IAM policy that grants the principal in the partner account the necessary Security Hub permissions.
+Here is an example of an IAM policy that grants the principal in the partner account the necessary Security Hub CSPM permissions.
@@ -66 +66 @@ For this use case, to call the [`BatchImportFindings`](https://docs.aws.amazon.c
-This call is made from the customer's account. Therefore, the managed resource policy must allow the product ARN for the partner product's account to be used in the call. The Security Hub managed resource policy grants permission for the partner product account and the partner product ARN. The product ARN is the partner's unique identifier as a provider. Because the call does not come from the partner product account, the customer must explicitly grant permission for the partner product to send findings to Security Hub.
+This call is made from the customer's account. Therefore, the managed resource policy must allow the product ARN for the partner product's account to be used in the call. The Security Hub CSPM managed resource policy grants permission for the partner product account and the partner product ARN. The product ARN is the partner's unique identifier as a provider. Because the call does not come from the partner product account, the customer must explicitly grant permission for the partner product to send findings to Security Hub CSPM.
@@ -70 +70 @@ The best practice for cross-account roles between partner and customer accounts
-Enabling a partner product to send findings to the customer in Security Hub with a cross-account role happens in four steps:
+Enabling a partner product to send findings to the customer in Security Hub CSPM with a cross-account role happens in four steps:
@@ -72 +72 @@ Enabling a partner product to send findings to the customer in Security Hub with
-  1. The customer, or partner using cross-account roles working on behalf of the customer, starts the subscription to a product in Security Hub.
+  1. The customer, or partner using cross-account roles working on behalf of the customer, starts the subscription to a product in Security Hub CSPM.
@@ -74 +74 @@ Enabling a partner product to send findings to the customer in Security Hub with
-  2. Security Hub generates the correct managed resource policy with the customer's confirmation.
+  2. Security Hub CSPM generates the correct managed resource policy with the customer's confirmation.
@@ -83 +83 @@ Enabling a partner product to send findings to the customer in Security Hub with
-Next, the product sends findings to Security Hub:
+Next, the product sends findings to Security Hub CSPM:
@@ -87 +87 @@ Next, the product sends findings to Security Hub:
-  2. The product calls the [`BatchImportFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) API operation on Security Hub with the assumed role's temporary credentials.
+  2. The product calls the [`BatchImportFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) API operation on Security Hub CSPM with the assumed role's temporary credentials.
@@ -92 +92 @@ Next, the product sends findings to Security Hub:
-Here is an example of an IAM policy that grants the necessary Security Hub permissions to the partner's cross-account role.
+Here is an example of an IAM policy that grants the necessary Security Hub CSPM permissions to the partner's cross-account role.
@@ -127 +127 @@ This use case is functionally equivalent to a scenario where a customer loads fi
-The customer enables the partner product to send findings from the customer's account to the customer in Security Hub:
+The customer enables the partner product to send findings from the customer's account to the customer in Security Hub CSPM:
@@ -131 +131 @@ The customer enables the partner product to send findings from the customer's ac
-  2. The customer defines the necessary IAM policy for the partner product to use when it sends findings to Security Hub.
+  2. The customer defines the necessary IAM policy for the partner product to use when it sends findings to Security Hub CSPM.
@@ -138 +138 @@ The customer enables the partner product to send findings from the customer's ac
-Now the product can send findings to Security Hub:
+Now the product can send findings to Security Hub CSPM:
@@ -140 +140 @@ Now the product can send findings to Security Hub:
-  1. The partner product uses the AWS SDK or AWS CLI to call the [`BatchImportFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) API operation in Security Hub. It makes the call from the component in the customer’s account where the policy is attached.
+  1. The partner product uses the AWS SDK or AWS CLI to call the [`BatchImportFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) API operation in Security Hub CSPM. It makes the call from the component in the customer’s account where the policy is attached.
@@ -147 +147 @@ Now the product can send findings to Security Hub:
-Here is an example of an IAM policy that grants the necessary Security Hub permissions to the partner product in the customer account.
+Here is an example of an IAM policy that grants the necessary Security Hub CSPM permissions to the partner product in the customer account.