AWS SecurityHub Integration

Connect QuantAssure to AWS SecurityHub to aggregate security findings from your AWS environment.

What It Collects

  • SecurityHub Findings — All findings from AWS SecurityHub, including:
    • GuardDuty threat detection
    • Inspector vulnerability assessments
    • Config compliance findings
    • Other integrated AWS security services

Prerequisites

  • An AWS account with SecurityHub enabled
  • IAM credentials (access key and secret) with permissions to read SecurityHub findings
  • Required IAM permissions: 
    securityhub:GetFindings
securityhub:BatchGetFindings

Setup Steps

1. Enable AWS SecurityHub

If not already enabled:

  1. Open the AWS Console
  2. Navigate to SecurityHub
  3. Click "Go to Security Hub" and enable it
  4. Enable any security standards you want to check against (e.g., AWS Foundational Security Best Practices)

2. Create IAM Credentials

  1. Open the IAM Console
  2. Create a new IAM user or use an existing one
  3. Attach a policy with SecurityHub read permissions: 
    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "securityhub:GetFindings",
        "securityhub:BatchGetFindings"
      ],
      "Resource": "*"
    }
  ]
}
  4. Create an access key for the user
  5. Save the Access Key ID and Secret Access Key — you'll need both

3. Configure in QuantAssure

  1. Create or edit a System in QuantAssure
  2. In the Data Sources section, enable AWS SecurityHub
  3. Enter your AWS region (e.g., us-east-1, ap-southeast-2)
  4. Enter your Access Key ID
  5. Enter your Secret Access Key
  6. Save your system configuration

4. Run Your First Scan

Click "Run Scan" to collect findings from SecurityHub.

What to Expect

After your first scan:

  • Findings: All active SecurityHub findings
  • Findings include severity (mapped from AWS severity labels), affected resources, and remediation guidance
  • Findings from all enabled integrations (GuardDuty, Inspector, Config, etc.) are aggregated

Troubleshooting

"Access Denied" error

  • Verify your IAM credentials are correct
  • Check that the IAM user has securityhub:GetFindings permission
  • Ensure the credentials have access to the specified region

No findings appearing

  • Verify SecurityHub is enabled in your AWS account
  • Check that you have security standards enabled (they generate findings)
  • It can take time for SecurityHub to generate initial findings

Partial findings

  • Each AWS region has its own SecurityHub instance
  • Configure multiple systems if you need findings from multiple regions