The Botprise platform can be used to automatically remediate the findings reported by AWS Security Hub for your AWS services. Follow these steps:
1. Enable Security Hub on your account and configure it to send the findings to an SNS topic via the CloudWatch event.
2. Log in to your Botprise account and, under the integration mesh, create an AWS integration as follows:
a. First create an Outbound integration by specifying the AWS Access Key and Secret Key pair.
b. Create an inbound integration where you will be required to generate a webhook.
c. Copy that webhook URL and head over to your AWS SNS topic configured to receive findings from Security Hub, create a new HTTP/S subscription and paste the generated webhook URL there.
d. Once the SNS subscription is configured, send a sample Security Hub event and, on the inbound modeller screen, use that event to create a mapper and save the
3. With the integration in place, you will start receiving Security Hub findings in your Botprise Event hub screen.
4. On the Event hub screen, select two similar Security Hub finding events and generate a Botprise Trigger unit by extracting the required entities from the event received.
5. In the workflow designer studio, create a workflow using the Botprise trigger unit and the Botprise Automation unit required for performing the remediation of the reported AWS service.
6. The next time the event hub receives an event for which the workflow was created, the workflow will be triggered and will perform the remediation.
7. After the remediation, it will change the state of the Security Hub finding from active to archive and add a note to it.
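
The payload that reaches the webhook in steps 2c to 4 is an SNS envelope whose `Message` field is itself a JSON string holding the Security Hub event. The sketch below is an added example, not Botprise's mapper: it shows which fields a mapper or trigger unit would typically pull out. Field names follow the SNS HTTP/S delivery format and the AWS Security Finding Format; the function name `extract_entities` and every sample value are constructed.

```python
import json

# Constructed sample: the JSON body SNS POSTs to an HTTP/S subscriber for one
# Security Hub finding event. All ARNs, IDs and the account number are made up.
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [{
        "Id": "arn:aws:securityhub:us-east-1:111122223333:finding/EXAMPLE",
        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
        "Title": "S3 bucket allows public read access (constructed)",
        "Severity": {"Label": "HIGH"},
        "RecordState": "ACTIVE",
        "Resources": [{"Type": "AwsS3Bucket",
                       "Id": "arn:aws:s3:::example-bucket"}],
    }]},
}
SAMPLE_SNS_BODY = json.dumps({
    "Type": "Notification",
    "TopicArn": "arn:aws:sns:us-east-1:111122223333:example-securityhub-topic",
    "Message": json.dumps(SAMPLE_EVENT),  # SNS carries the event as a string
})


def extract_entities(sns_body, expected_topic_arn):
    """Return one dict of remediation inputs per resource in an SNS delivery."""
    envelope = json.loads(sns_body)
    # Drop deliveries from any topic other than the one wired to Security Hub.
    if envelope.get("TopicArn") != expected_topic_arn:
        raise ValueError("unexpected TopicArn")
    # SubscriptionConfirmation / UnsubscribeConfirmation carry no findings.
    if envelope.get("Type") != "Notification":
        return []
    event = json.loads(envelope["Message"])
    if event.get("source") != "aws.securityhub":
        return []
    entities = []
    for finding in event.get("detail", {}).get("findings", []):
        for resource in finding.get("Resources", []):
            entities.append({
                "finding_id": finding["Id"],
                "product_arn": finding["ProductArn"],
                "severity": finding.get("Severity", {}).get("Label"),
                "record_state": finding.get("RecordState"),
                "resource_type": resource.get("Type"),
                "resource_id": resource.get("Id"),
            })
    return entities
```

A receiver reachable from the internet would also verify the SNS message signature (`Signature`, `SigningCertURL`) before trusting the body; that check is omitted here.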