Configure Security Hub as a Finding Source

Configure Opus Security Hub Webhook

go to integrations, click finding source and Choose “AWS Security Hub”

Choose a logical name, mark the "default connection" checkbox, and click connect.

click AWS security hub once more and edit the connection. click enable finding source, and copy the URI.

Configuring SNS topic to publish the events from AWS

Choose name to your topic, “Security Hub Findings” (For example) and choose “Create topic” and make sure you choose standard

  1. Confirm the Opus webhook as subscriber to the topic
  2. Open Opus platform Go to Connections -> Finding Sources -> Choose the webhook you created on step 1.
  3. Now you should see JSON content in the text area of “Confirmation Data”.
  4. Copy the value of “SubscribeURL”
  5. Select the "Enable raw message delivery checkbox"
  1. Paste the value you copied on step 3.c and choose “Confirm subscription”
  2. Refresh the page and the status of the subscription should be “Confirmed”.
  3. Configure EventBridge to publish security hub events through the SNS topic. (On this step you can choose your desired filter for events, this guide will share Opus best practice)

Choose “Rules” and then “Create rule

Choose “Next”, “Next” and “Create rule”

👍

You’re Done! Opus platform can now make your life more happy and secure!