AWS Security ChangesHomeSearch

AWS systems-manager documentation change

Service: systems-manager · 2025-12-10 · Documentation low

File: systems-manager/latest/userguide/OpsCenter-troubleshooting.md

Summary

Updated documentation to replace references to 'Security Hub' with 'Security Hub CSPM' throughout. Changes include updated terminology, links, and configuration steps related to OpsItems created from Security Hub CSPM findings.

Security assessment

The changes involve rebranding/terminology updates (Security Hub → Security Hub CSPM) without addressing vulnerabilities, weaknesses, or security incidents. No security fixes, vulnerability disclosures, or security enhancements are mentioned. The content remains operational/troubleshooting-focused.

Diff

diff --git a/systems-manager/latest/userguide/OpsCenter-troubleshooting.md b/systems-manager/latest/userguide/OpsCenter-troubleshooting.md
index 94bb0de33..256f5a153 100644
--- a//systems-manager/latest/userguide/OpsCenter-troubleshooting.md
+++ b//systems-manager/latest/userguide/OpsCenter-troubleshooting.md
@@ -26 +26 @@ These quotas apply to OpsItems created from any source except the following:
-  * OpsItems created by AWS Security Hub findings
+  * OpsItems created by AWS Security Hub CSPM findings
@@ -35 +35 @@ OpsItems created from these sources don't count against your OpsItem quotas, but
-If you receive an `OpsItemLimitExceededException`, you can manually delete OpsItems until you are below the quota preventing you from creating a new OpsItem. Again, deleting OpsItems created for Security Hub findings or Incident Manager incidents won't reduce your total number of OpsItems enforced by the quotas. You must delete OpsItems from other sources. For information about how to delete an OpsItem, see [Delete OpsItems](./OpsCenter-delete-OpsItems.html).
+If you receive an `OpsItemLimitExceededException`, you can manually delete OpsItems until you are below the quota preventing you from creating a new OpsItem. Again, deleting OpsItems created for Security Hub CSPM findings or Incident Manager incidents won't reduce your total number of OpsItems enforced by the quotas. You must delete OpsItems from other sources. For information about how to delete an OpsItem, see [Delete OpsItems](./OpsCenter-delete-OpsItems.html).
@@ -39 +39 @@ If you receive an `OpsItemLimitExceededException`, you can manually delete OpsIt
-If you configured integration with AWS Security Hub, OpsCenter creates OpsItems for Security Hub findings. Depending on the number of finding Security Hub generates and the account you were logged into when you configured integration, OpsCenter can generate large numbers of OpsItems, at a cost. Here are more specific details related to OpsItems generated by Security Hub findings:
+If you configured integration with AWS Security Hub CSPM, OpsCenter creates OpsItems for Security Hub CSPM findings. Depending on the number of finding Security Hub CSPM generates and the account you were logged into when you configured integration, OpsCenter can generate large numbers of OpsItems, at a cost. Here are more specific details related to OpsItems generated by Security Hub CSPM findings:
@@ -41 +41 @@ If you configured integration with AWS Security Hub, OpsCenter creates OpsItems
-  * If you are logged into the Security Hub administrator account when you configure OpsCenter and Security Hub integration, the system creates OpsItems for findings in the administrator _and_ all member accounts. The OpsItems are all created _in the administrator account_. Depending on a variety of factors, this can lead to an unexpectedly large bill from AWS.
+  * If you are logged into the Security Hub CSPM administrator account when you configure OpsCenter and Security Hub CSPM integration, the system creates OpsItems for findings in the administrator _and_ all member accounts. The OpsItems are all created _in the administrator account_. Depending on a variety of factors, this can lead to an unexpectedly large bill from AWS.
@@ -43 +43 @@ If you configured integration with AWS Security Hub, OpsCenter creates OpsItems
-If you are logged into a member account when you configure integration, the system only creates OpsItems for findings in that individual account. For more information about the Security Hub administrator account, member accounts, and their relation to the EventBridge event feed for findings, see [Types of Security Hub integration with EventBridge](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-integration-types.html) in the _AWS Security Hub User Guide_.
+If you are logged into a member account when you configure integration, the system only creates OpsItems for findings in that individual account. For more information about the Security Hub CSPM administrator account, member accounts, and their relation to the EventBridge event feed for findings, see [Types of Security Hub CSPM integration with EventBridge](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-integration-types.html) in the _AWS Security Hub CSPM User Guide_.
@@ -45 +45 @@ If you are logged into a member account when you configure integration, the syst
-  * For each finding that creates an OpsItem, you are charged the regular price for creating the OpsItem. You are also charged if you edit the OpsItem or if the corresponding finding is updated in Security Hub (which triggers an OpsItem update).
+  * For each finding that creates an OpsItem, you are charged the regular price for creating the OpsItem. You are also charged if you edit the OpsItem or if the corresponding finding is updated in Security Hub CSPM (which triggers an OpsItem update).
@@ -47 +47 @@ If you are logged into a member account when you configure integration, the syst
-  * OpsItems that are created by an integration with AWS Security Hub are _not_ currently limited by the maximum quota of 500,000 OpsItems per account in a Region. It is therefore possible for Security Hub alerts to create more than 500,000 chargeable OpsItems in each Region in an account.
+  * OpsItems that are created by an integration with AWS Security Hub CSPM are _not_ currently limited by the maximum quota of 500,000 OpsItems per account in a Region. It is therefore possible for Security Hub CSPM alerts to create more than 500,000 chargeable OpsItems in each Region in an account.
@@ -49 +49 @@ If you are logged into a member account when you configure integration, the syst
-For high-production environments, we therefore recommend limiting the scope of Security Hub findings to high severity issues only.
+For high-production environments, we therefore recommend limiting the scope of Security Hub CSPM findings to high severity issues only.
@@ -58 +58 @@ If you believe a large number of OpsItems were created in error and your AWS bil
-Use the following procedure if you no longer want the system to create OpsItems for Security Hub findings.
+Use the following procedure if you no longer want the system to create OpsItems for Security Hub CSPM findings.
@@ -60 +60 @@ Use the following procedure if you no longer want the system to create OpsItems
-###### To stop receiving OpsItems for Security Hub findings
+###### To stop receiving OpsItems for Security Hub CSPM findings
@@ -68 +68 @@ Use the following procedure if you no longer want the system to create OpsItems
-  4. In the **Security Hub findings** section, choose **Edit.**
+  4. In the **Security Hub CSPM findings** section, choose **Edit.**
@@ -70 +70 @@ Use the following procedure if you no longer want the system to create OpsItems
-  5. Choose the slider to change **Enabled** to **Disabled**. If you aren't able to toggle the slider, Security Hub hasn't been enabled for your AWS account.
+  5. Choose the slider to change **Enabled** to **Disabled**. If you aren't able to toggle the slider, Security Hub CSPM hasn't been enabled for your AWS account.
@@ -72 +72 @@ Use the following procedure if you no longer want the system to create OpsItems
-  6. Choose **Save** to save your configuration. OpsCenter no longer creates OpsItems based on Security Hub findings.
+  6. Choose **Save** to save your configuration. OpsCenter no longer creates OpsItems based on Security Hub CSPM findings.