Configure Amazon Security Hub Integration

POST /partner-integration/aws/security-hub/{id}/vm

After you create the Amazon Security Hub integration, the next step is to configure it and enable integration with the VM/VMDR app. During the configuration, you must provide the AWS account details, such as AWS account IDs, base category, regions, and the minimum severity level of the vulnerabilities that should be fetched from Qualys (VM/VMDR app) and posted to Amazon Security Hub. Once you complete the configuration steps, the Amazon Security Hub integration is enabled with the VM/VMDR app.

Input Parameters

Parameter: id={value}
Mandatory/Optional: Mandatory
Data Type: Integer
Description: Unique identifier (id) assigned to the Amazon Security Hub integration.

Parameter: vmConfigs
Mandatory/Optional: Optional
Data Type: JSON code
Description: Configuration details of the Amazon Security Hub in the following format:

"vmConfigs":[
   {
      "minSeverity":1,
      "baseCategory":"Potential",
      "awsAccounts":[
         "111111111111",
         "222222222222"
      ],
      "regions":[
         "eu-west-2",
         "eu-west-1"
      ]
   }
]

where,

minSeverity: minimum severity level of the vulnerabilities fetched from Qualys (VM/VMDR app) to be posted on the Amazon Security Hub. By default, it is configured to severity level 3 and above. For example, if you set the value to 1, all findings with severity levels 1 to 5 are fetched and available on Amazon Security Hub.

baseCategory: category of the vulnerabilities fetched from Qualys (VM/VMDR app) to be posted on the Amazon Security Hub. The valid values are Confirmed and Potential.

By default, it is configured to Confirmed, which means only confirmed vulnerabilities are included. However, if you configure the baseCategory as Potential, both Potential and Confirmed vulnerabilities are included.

awsAccounts: List of AWS account IDs for which AWS Security Hub is enabled.

regions: List of AWS regions where Amazon Security Hub is enabled. As AWS Security Hub is a regional service, you need to add all regions that are enabled for AWS Security Hub.

Configure Amazon Security Hub Integration

API request

curl -X POST --header "Content-Type:application/json" "<qualys_gateway_url>/partner-integration/aws/security-hub/{id}/vm" --data "@integration.json" -H "Authorization: Bearer <token>"

'integration.json' contains the request POST data.

Request POST Data (integration.json)

{
   "vmConfigs":[
      {
         "minSeverity":1,
         "baseCategory":"Potential",
         "awsAccounts":[
            "111111111111",
            "222222222222"
         ],
         "regions":[
            "eu-west-2",
            "eu-west-1"
         ]
      },
      {
         "minSeverity":3,
         "baseCategory":"Confirmed",
         "awsAccounts":[
            "333333333333",
            "444444444444"
         ],
         "regions":[
            "eu-west-2",
            "eu-west-1"
         ]
      }
   ]
}	  
	  

JSON Output

{
   "VM successfully enabled for AWS security hub."
}
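
The parameter rules and the sample request above, as an added example that is not part of the Qualys documentation: a Python pre-flight check for integration.json and a helper showing which findings a given configuration lets through. The function names, the region-name pattern, and the reading that each vmConfigs entry applies only to the accounts and regions it lists are assumptions.

```python
import re

# Defaults and valid values as stated in the parameter description above.
DEFAULT_MIN_SEVERITY = 3
DEFAULT_BASE_CATEGORY = "Confirmed"
VALID_CATEGORIES = ("Confirmed", "Potential")
ACCOUNT_RE = re.compile(r"^[0-9]{12}$")                 # AWS account IDs are 12 digits
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-[0-9]$")   # assumed region-name shape

def validate(payload):
    """Return a list of problems found in an integration.json payload."""
    problems = []
    configs = payload.get("vmConfigs", [])  # vmConfigs is optional
    if not isinstance(configs, list):
        return ["vmConfigs must be a list"]
    for i, cfg in enumerate(configs):
        sev = cfg.get("minSeverity", DEFAULT_MIN_SEVERITY)
        if type(sev) is not int or not 1 <= sev <= 5:
            problems.append(f"vmConfigs[{i}].minSeverity must be an integer from 1 to 5")
        if cfg.get("baseCategory", DEFAULT_BASE_CATEGORY) not in VALID_CATEGORIES:
            problems.append(f"vmConfigs[{i}].baseCategory must be Confirmed or Potential")
        for acct in cfg.get("awsAccounts", []):
            if not (isinstance(acct, str) and ACCOUNT_RE.match(acct)):
                problems.append(f"vmConfigs[{i}].awsAccounts: bad account ID {acct!r}")
        for region in cfg.get("regions", []):
            if not (isinstance(region, str) and REGION_RE.match(region)):
                problems.append(f"vmConfigs[{i}].regions: bad region {region!r}")
    return problems

def would_post(payload, account, region, severity, category):
    """True if some vmConfigs entry covers the finding's account, region and thresholds."""
    for cfg in payload.get("vmConfigs", []):
        in_scope = account in cfg.get("awsAccounts", []) and region in cfg.get("regions", [])
        sev_ok = severity >= cfg.get("minSeverity", DEFAULT_MIN_SEVERITY)
        # "Potential" admits Potential and Confirmed; "Confirmed" admits Confirmed only.
        base = cfg.get("baseCategory", DEFAULT_BASE_CATEGORY)
        cat_ok = base == "Potential" or category == "Confirmed"
        if in_scope and sev_ok and cat_ok:
            return True
    return False

# The request data from this page, plus a constructed malformed payload.
SAMPLE = {"vmConfigs": [
    {"minSeverity": 1, "baseCategory": "Potential",
     "awsAccounts": ["111111111111", "222222222222"], "regions": ["eu-west-2", "eu-west-1"]},
    {"minSeverity": 3, "baseCategory": "Confirmed",
     "awsAccounts": ["333333333333", "444444444444"], "regions": ["eu-west-2", "eu-west-1"]},
]}
BAD = {"vmConfigs": [{"minSeverity": 0, "baseCategory": "potential",
                      "awsAccounts": ["1111"], "regions": ["EU-WEST-1"]}]}
```

Run validate() on the parsed file before sending the POST; would_post() is useful for confirming that a severity or category threshold does not silently exclude an account you expect to see in Security Hub.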

Next Step

Update Amazon Security Hub Integration