Changes from 3 commits
28 changes: 14 additions & 14 deletions packages/aws/_dev/build/docs/README.md
Expand Up @@ -30,20 +30,20 @@ The AWS integration uses different AWS API to bootstrap and collect metrics and

Each of these APIs may generate extra charges on your AWS Account. Refer to [AWS Pricing](https://aws.amazon.com/pricing) for more information.

| AWS API Name | AWS API Count | Frequency | Datastream |
|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------|----------------------|
| IAM ListAccountAliases | 1 | Once on startup | all |
| STS GetCallerIdentity | 1 | Once on startup | all |
| EC2 DescribeRegions | 1 | Once on startup | all |
| CloudWatch ListMetrics | Total number of results / ListMetrics max page size (500, based on [AWS API ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) | Per region per collection period | metrics related only |
| CloudWatch GetMetricData | Total number of results / GetMetricData max page size (500, based on [AWS API GetMetricData](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html) | Per region per namespace per collection period | metrics related only |
| CloudWatch DescribeLogGroups | Total number of results / DescribeLogGroups max page size (50, based on [AWS API DescribeLogGroups](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html) | Per region per collection period | logs related only |
| CloudWatch FilterLogEvents | Total number of results / FilterLogEvents max page size (1MB or 10'0000 events, based on [AWS API FilterLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) | Per log group per region per collection period | logs related only |
| CostExplorer GetCostAndUsage | Total number of results / GetCostAndUsage max page size (8192, based on [AWS API GetCostAndUsage](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetCostAndUsage.html) | Per CostExplorer Group Definition per region per collection period | AWS Billing |
| S3 ListObjectsV2 | Total number of results / ListObjectsV2 max page size (up to 1,000, based on [AWS API FilterLogEvents](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) | Per bucket per region per collection period | logs related only |
| S3 GetObject | 1 | Per object per collection period | logs related only |
| SecurityHub GetFindings | Total number of results / GetFindings max page size ( 100, based on [AWS API GetFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) | Per region per collection period | AWS Security Hub | |
| SecurityHub GetInsights | Total number of results / GetInsights max page size ( 100, based on [AWS API GetInsights](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInsights.html) | Per region per collection period | AWS Security Hub | |
| AWS API Name | AWS API Count | Frequency | Datastream |
|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------|-----------------------|
| IAM ListAccountAliases | 1 | Once on startup | all |
| STS GetCallerIdentity | 1 | Once on startup | all |
| EC2 DescribeRegions | 1 | Once on startup | all |
| CloudWatch ListMetrics | Total number of results / ListMetrics max page size (500, based on [AWS API ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) | Per region per collection period | metrics related only |
| CloudWatch GetMetricData | Total number of results / GetMetricData max page size (500, based on [AWS API GetMetricData](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html) | Per region per namespace per collection period | metrics related only |
| CloudWatch DescribeLogGroups | Total number of results / DescribeLogGroups max page size (50, based on [AWS API DescribeLogGroups](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html) | Per region per collection period | logs related only |
| CloudWatch FilterLogEvents | Total number of results / FilterLogEvents max page size (1MB or 10'0000 events, based on [AWS API FilterLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) | Per log group per region per collection period | logs related only |
| CostExplorer GetCostAndUsage | Total number of results / GetCostAndUsage max page size (8192, based on [AWS API GetCostAndUsage](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_GetCostAndUsage.html) | Per CostExplorer Group Definition per region per collection period | AWS Billing |
| S3 ListObjectsV2 | Total number of results / ListObjectsV2 max page size (up to 1,000, based on [AWS API FilterLogEvents](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) | Per bucket per region per collection period | logs related only |
| S3 GetObject | 1 | Per object per collection period | logs related only |
| SecurityHub GetFindings | Total number of results / GetFindings max page size ( 100, based on [AWS API GetFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) | Per region per collection period | AWS Security Hub CSPM | |
| SecurityHub GetInsights | Total number of results / GetInsights max page size ( 100, based on [AWS API GetInsights](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInsights.html) | Per region per collection period | AWS Security Hub CSPM | |
| SQS ReceiveMessage | 1 | Every 20s minimum (more frequent if messages are waiting) | logs related only (S3 notifications) |
| SQS DeleteMessage | 1 | Once per received message | logs related only (S3 notifications) |
| SQS ChangeMessageVisibility | 1 | When message processing exceeds 150s | logs related only (S3 notifications) |
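Review bot: The two SecurityHub rows still end with an extra `| |` after the Datastream cell, which gives them five cells in a four-column table; since this hunk rewrites every row for alignment anyway, drop the trailing `|` on both. Other defects carried over unchanged in the rewritten rows: `10'0000 events` in the FilterLogEvents row looks like a typo, the S3 ListObjectsV2 row labels its link `AWS API FilterLogEvents` although the URL is the ListObjectsV2 reference, and each `(500, based on [...](...)` parenthetical is never closed. The three SQS rows hold a Datastream value wider than the new column, so the realignment is incomplete for them.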
4 changes: 2 additions & 2 deletions packages/aws/_dev/build/docs/securityhub.md
@@ -1,6 +1,6 @@
# Security Hub
# Security Hub CSPM

The [AWS Security Hub](https://docs.aws.amazon.com/securityhub/) integration collects and parses data from AWS Security Hub REST APIs.
The [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/) integration collects and parses data from AWS Security Hub REST APIs.

**IMPORTANT: Extra AWS charges on API requests will be generated by this integration. Check [API Requests](https://www.elastic.co/docs/current/integrations/aws#api-requests) for more details.**
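Review bot: The replaced intro sentence renames the link text to `AWS Security Hub CSPM` but still ends with "from AWS Security Hub REST APIs", so the old and new names sit in the same line. Use the new name in both places, or, if the API name is intentionally left as is, say so in the PR description so the mix is not read as an oversight.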

7 changes: 7 additions & 0 deletions packages/aws/changelog.yml
@@ -1,4 +1,11 @@
# newer versions go on top
- version: "4.6.0"
changes:
- description: |
Rebrand AWS Security Hub as AWS Security Hub CSPM to align with the vendor's current branding.
This change is purely superficial and does not impact existing functionalities.
type: enhancement
link: https://github.com/elastic/integrations/pull/16195
- version: "4.5.0"
changes:
- description: Prevent updating fleet health status to degraded when the HTTPJSON template value evaluation is empty.
@@ -1,5 +1,5 @@
---
description: Pipeline for processing AWS Security Hub Findings logs.
description: Pipeline for processing AWS Security Hub CSPM Findings logs.
processors:
- remove:
field:
10 changes: 5 additions & 5 deletions packages/aws/data_stream/securityhub_findings/manifest.yml
@@ -1,15 +1,15 @@
title: Collect AWS Security Hub Findings logs from AWS
title: Collect AWS Security Hub CSPM Findings logs from AWS
type: logs
streams:
- input: httpjson
title: Collect AWS Security Hub Findings from AWS
description: Collect AWS Security Hub Findings from AWS.
title: Collect AWS Security Hub CSPM Findings from AWS
description: Collect AWS Security Hub CSPM Findings from AWS.
template_path: httpjson.yml.hbs
vars:
- name: interval
type: text
title: Interval
description: Interval to fetch AWS Security Hub Findings from AWS. (Interval should be greater than 1 hour.)
description: Interval to fetch AWS Security Hub CSPM Findings from AWS. (Interval should be greater than 1 hour.)
multi: false
required: true
show_user: true
Expand All @@ -24,7 +24,7 @@ streams:
- name: initial_interval
type: text
title: Initial Interval
description: How far back to pull the AWS Security Hub Findings from AWS. (Initial Interval should be greater than 1 hour.)
description: How far back to pull the AWS Security Hub CSPM Findings from AWS. (Initial Interval should be greater than 1 hour.)
default: 24h
multi: false
required: true
@@ -1,5 +1,5 @@
---
description: Pipeline for processing AWS Security Hub Findings Full Posture logs.
description: Pipeline for processing AWS Security Hub CSPM Findings Full Posture logs.
processors:
- remove:
field:
@@ -1,9 +1,9 @@
title: Collect AWS Security Hub Findings Full Posture logs from AWS
title: Collect AWS Security Hub CSPM Findings Full Posture logs from AWS
type: logs
streams:
- input: httpjson
title: Collect AWS Security Hub Findings Full Posture from AWS
description: Collect AWS Security Hub Findings Full Posture from AWS.
title: Collect AWS Security Hub CSPM Findings Full Posture from AWS
description: Collect AWS Security Hub CSPM Findings Full Posture from AWS.
template_path: httpjson.yml.hbs
vars:
- name: enable_request_tracer
@@ -1,5 +1,5 @@
---
description: Pipeline for processing AWS Security Hub Insights logs.
description: Pipeline for processing AWS Security Hub CSPM Insights logs.
processors:
- remove:
field:
8 changes: 4 additions & 4 deletions packages/aws/data_stream/securityhub_insights/manifest.yml
@@ -1,15 +1,15 @@
title: Collect AWS Security Hub Insights logs from AWS
title: Collect AWS Security Hub CSPM Insights logs from AWS
type: logs
streams:
- input: httpjson
title: Collect AWS Security Hub Insights from AWS
description: Collect AWS Security Hub Insights from AWS.
title: Collect AWS Security Hub CSPM Insights from AWS
description: Collect AWS Security Hub CSPM Insights from AWS.
template_path: httpjson.yml.hbs
vars:
- name: interval
type: text
title: Interval
description: Interval to fetch AWS Security Hub Insights from AWS.
description: Interval to fetch AWS Security Hub CSPM Insights from AWS.
multi: false
required: true
show_user: true
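Review bot: The `interval` description in this hunk carries no minimum-interval guidance, while the same variable in `securityhub_findings/manifest.yml` says "(Interval should be greater than 1 hour.)". If the same limit applies to Insights, add the hint while this line is being edited; if it does not, the descriptions can stay as they are.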