Update Amazon Security Hub Integration
Once you configure the Amazon Security Hub integration, you can update the name, integration or configuration details of the Amazon Security Hub integration with Qualys.
If the integration is created but not enabled (VM Configuration is not done) for a particular AWS account, it is enabled during the update request (PUT), and the details are updated as well.
Parameter | Mandatory/Optional | Data Type | Description |
---|---|---|---|
id={value} | Mandatory | Integer | Unique identifier (id) assigned to the Amazon Security Hub integration. The unique integration identifier (id) of the Amazon Security Hub cannot be updated. |
vmConfigs | Optional | JSON code | Configuration details of the Amazon Security Hub in the following format: "vmConfigs":[ { "minSeverity":1, "baseCategory":"Potential", "awsAccounts":[ "111111111111", "222222222222" ], "regions":[ "eu-west-2", "eu-west-1" ] } ] where, minSeverity: minimum severity level of the vulnerabilities fetched from Qualys (VM/VMDR app) to be posted on the Amazon Security Hub. By default, it is configured to severity level 3 and above. For example, if you set the value to 1, all findings with severity level 1 to 5 are fetched and available on Amazon Security Hub. baseCategory: category of the vulnerabilities fetched from Qualys (VM/VMDR app) to be posted on the Amazon Security Hub. The valid values are Confirmed and Potential. By default, it is configured to Confirmed. In this case, only confirmed vulnerabilities are included. If you configure the baseCategory as Potential, both Potential and Confirmed vulnerabilities are included. awsAccounts: list of AWS account ids for which AWS Security Hub is enabled. regions: regions enabled with Amazon Security Hub. As AWS Security Hub is a regional service, you need to add all regions that are enabled for AWS Security Hub. |
sendAlerts | Optional | Boolean | Set to true to receive ProActive alert notifications. |
errorEmails | Optional | Boolean | When sendAlerts is set to true, provide the email list for ProActive Alert notifications. Add a list of up to 5 email addresses as comma-separated values. |
- If you mention regions that are not enabled for Amazon Security Hub in the request, the regions are skipped. Only regions that are enabled for Amazon Security Hub are updated.
- The minSeverity, baseCategory, and regions are optional parameters.
Update Name of the Amazon Security Hub Integration
Let us see an example of updating the name of the Amazon Security Hub integration. In the request, provide the new name for the Amazon Security Hub integration.
API request
curl -X POST --header "Content-Type:application/json" "<qualys_gateway_url>/partner-integration/aws/security-hub/{id}" --data "@integration.json" -H "Authorization: Bearer <token>"
'integration.json' contains the request POST data.
Request POST Data (integration.json)
{
"name":"New Qualys Demo",
"sendAlerts":true,
"errorEmails":[
"<email address 1>",
"<email address 2>"
]
}
JSON output
{
"message":"AWS security hub VM integration successfully updated."
}
Let us now see an example to update the configuration details of the Amazon Security Hub integration. Provide the configuration details to be updated in the PUT request.
API request
curl -X PUT --header "Content-Type:application/json" "<qualys_gateway_url>/partner-integration/aws/security-hub/{id}/vm" --data "@integration.json"
where, id is the unique integration identifier of the Amazon Security Hub
'integration.json' contains the request PUT data.
Request PUT Data (integration.json)
{
"vmConfigs":[
{
"minSeverity":1,
"baseCategory":"Potential",
"awsAccounts":[
"111111111111",
"222222222222"
],
"regions":[
"eu-west-2",
"eu-west-1"
]
},
{
"minSeverity":3,
"baseCategory":"Confirmed",
"awsAccounts":[
"333333333333",
"444444444444"
],
"regions":[
"eu-west-2",
"eu-west-1"
]
}
]
}
JSON Output
{
"message":"AWS accounts and their VM configuration successfully updated."
}
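A pre-flight check for integration.json, added here as an example (it is not Qualys code): it applies the defaults and valid values from the parameter table and shows which findings a vmConfigs entry would forward to Amazon Security Hub. The function names, the 12-digit account id check, exact-case matching of baseCategory, and errorEmails as a JSON array are assumptions.

```python
import json
import re

# Defaults and valid values as stated in the parameter table above.
DEFAULT_MIN_SEVERITY = 3
DEFAULT_BASE_CATEGORY = "Confirmed"
VALID_CATEGORIES = ("Confirmed", "Potential")
MAX_ERROR_EMAILS = 5
AWS_ACCOUNT_ID = re.compile(r"\d{12}")  # assumption: AWS account ids are 12 digits


def check_payload(payload):
    """Return a list of problems found in a request body (empty if none)."""
    problems = []
    for i, cfg in enumerate(payload.get("vmConfigs", [])):
        sev = cfg.get("minSeverity", DEFAULT_MIN_SEVERITY)
        if isinstance(sev, bool) or not isinstance(sev, int) or not 1 <= sev <= 5:
            problems.append(f"vmConfigs[{i}]: minSeverity must be an integer 1-5")
        if cfg.get("baseCategory", DEFAULT_BASE_CATEGORY) not in VALID_CATEGORIES:
            problems.append(f"vmConfigs[{i}]: baseCategory must be Confirmed or Potential")
        for acct in cfg.get("awsAccounts", []):
            if not (isinstance(acct, str) and AWS_ACCOUNT_ID.fullmatch(acct)):
                problems.append(f"vmConfigs[{i}]: bad AWS account id {acct!r}")
    # Assumption: errorEmails is a JSON array, as in the sample request above.
    if len(payload.get("errorEmails", [])) > MAX_ERROR_EMAILS:
        problems.append("errorEmails: at most 5 addresses")
    return problems


def is_posted(cfg, severity, category):
    """True if a finding of this severity/category passes the entry's filters."""
    min_sev = cfg.get("minSeverity", DEFAULT_MIN_SEVERITY)
    base = cfg.get("baseCategory", DEFAULT_BASE_CATEGORY)
    # Potential includes Confirmed findings too; Confirmed excludes Potential ones.
    return severity >= min_sev and (base == "Potential" or category == "Confirmed")


# Constructed sample modelled on the PUT data above, with two deliberate errors.
SAMPLE = json.loads("""
{"vmConfigs": [
  {"minSeverity": 1, "baseCategory": "Potential",
   "awsAccounts": ["111111111111"], "regions": ["eu-west-2"]},
  {"baseCategory": "confirmed", "awsAccounts": ["3333"], "regions": ["eu-west-1"]}
]}
""")

if __name__ == "__main__":
    for problem in check_payload(SAMPLE):
        print(problem)
```

An entry that omits minSeverity and baseCategory forwards only Confirmed findings of severity 3 and above, so severity 1-2 and Potential findings never reach Security Hub for those accounts.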