AWS Security Hub

AWS Security Hub provides you with a comprehensive view of your security state by collecting security data across AWS accounts, services, and supported third-party products to analyze security trends and identify the highest priority security issues. For more information refer to AWS official documentation.

Integration Method: API Ingest

Tables: Detection Finding (2002), Compliance Finding (2003)

This integration supports the following events.

Event	Description
Findings	Retrieves the security check or security-related detection findings.

This integration supports the following versions.

AWS Security Hub API version

2018-10-26

Note:
AWS Security Hub is a continuously updated cloud service. As of this document preparation, the latest release was on Mar 26, 2025.

Prerequisites

AWS Security Hub configuration

To configure AWS Security Hub, refer here.

AWS Access Key and Secret Key

Refer to this common procedure on how to create an IAM user, configure the AWS Access Key and AWS Secret Key, attach an IAM policy with required permissions.

Configuration Overview

Generate an AWS Access Key & Secret Key with the required IAM policies.
Configure the AWS Security Hub in the DataBee console with the required Access Key and Secret Key.
DataBee Parameter
AWS Security Hub Parameter
Access Key
AWS Access Key
Secret Key
AWS Secret Key
AWS Region
AWS Region
Service Name
securityhub

DataBee Parameter	AWS Security Hub Parameter
Access Key	AWS Access Key
Secret Key	AWS Secret Key
AWS Region	AWS Region
Service Name	securityhub

AWS Security Hub – IAM Policy Information

Start by creating an IAM user with the API credentials. This common step is documented at AWS configuration prerequisites.
Once the IAM user has been created, the following permissions will need to be added to a role associated with the user. Refer to Adding Permission to IAM user for the steps.
Ensure AWS Access Key is associated with the service user which has been attached to an IAM policy with following Actions allowed. The following example shows a policy that grants read-only access to fetch security hub findings. This example shows how you might create an IAM policy that allows a user to view Security Hub findings.

Refer here more info on the policy.

Required Minimum IAM policy:

{
    "Version": "2012-10-17",
    "Statement":
    [
        {
            "Sid": "ReviewFindings",
            "Effect": "Allow",
            "Action":
            [
                "securityhub:GetFindings"
            ],
            "Resource": "*"
        }
    ]
}

DataBee Configuration

Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the AWS Security Hub and click it as shown below.
Click on the API Ingest option for collection method.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
- Authorization Method: AWS Signature
- API Base URL: this is the base URL that DataBee will interact with. Replace AWS Region in the placeholder where security hub is configured.
- Access key: paste the AWS client access key.
- Secret key: paste the AWS client secret key.
- Session token: can be left empty.
- AWS region : region
- Service name: securityhub
- Event types: preselected for all the event types that integration pulls.
Click Submit.

Troubleshooting Tips

Ensure the Access Key, Secret Key are pasted correctly. Since you cannot view the Secret Key after the 1^st time, re-create the Access Key & Secret Key, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.
Ensure the appropriate AWS Security Hub privileges/permissions are correctly attached to the AWS Access Key.