AWS Security Hub



Attribute | Value
Publisher | Microsoft Corporation
Support Tier | Microsoft
Support Link | https://support.microsoft.com
Categories | Security - Cloud Security, Cloud Provider
Version | 3.0.3
Author | Microsoft - support@microsoft.com
First Published | 2025-03-12
Last Updated | 2026-06-12
Solution Folder | AWS Security Hub
Marketplace | Azure Marketplace · Popularity: 🔵 Medium (65%)

The AWS Security Hub solution for Microsoft Sentinel provides a data connector that ingests AWS Security Hub findings into Microsoft Sentinel.

Additional Information

📖 Setup Guide: Connect Microsoft Sentinel to AWS - Configure your AWS environment for Microsoft Sentinel integration

Contents

Data Connectors

This solution provides 1 data connector:

AWS Security Hub Findings (via Codeless Connector Framework)

Tables Used

This solution uses 1 table:

Table | Used By Connectors | Used By Content
AWSSecurityHubFindings | AWS Security Hub Findings (via Codeless Connector Framework) | Analytics, Hunting, Workbooks

Content Items

This solution includes 12 content items:

Content Type | Count
Analytic Rules | 8
Hunting Queries | 3
Workbooks | 1

Analytic Rules

Name | Severity | Tactics | Tables Used
AWS Security Hub - Detect CloudTrail trails lacking KMS encryption | Medium | Impact, DefenseEvasion | AWSSecurityHubFindings
AWS Security Hub - Detect EC2 Security groups allowing unrestricted high-risk ports | High | InitialAccess, LateralMovement, Discovery | AWSSecurityHubFindings
AWS Security Hub - Detect IAM Policies allowing full administrative privileges | High | Persistence, PrivilegeEscalation | AWSSecurityHubFindings
AWS Security Hub - Detect IAM root user Access Key existence | High | PrivilegeEscalation, Persistence | AWSSecurityHubFindings
AWS Security Hub - Detect SQS Queue lacking encryption at rest | Medium | Impact | AWSSecurityHubFindings
AWS Security Hub - Detect SQS Queue policy allowing public access | High | Exfiltration, Collection | AWSSecurityHubFindings
AWS Security Hub - Detect SSM documents public sharing enabled | High | Execution | AWSSecurityHubFindings
AWS Security Hub - Detect root user lacking MFA | High | PrivilegeEscalation, Persistence, CredentialAccess, DefenseEvasion | AWSSecurityHubFindings

Hunting Queries

Name | Tactics | Tables Used
AWS Security Hub - CloudTrail trails without log file validation | DefenseEvasion | AWSSecurityHubFindings
AWS Security Hub - EC2 instances with public IPv4 address | InitialAccess, Exfiltration | AWSSecurityHubFindings
AWS Security Hub - IAM users with console password and no MFA | PrivilegeEscalation, CredentialAccess, DefenseEvasion | AWSSecurityHubFindings

Workbooks

Name | Tables Used
AWSSecurityHubComplianceWorkbook | AWSSecurityHubFindings

Release Notes

Version | Date Modified (DD-MM-YYYY) | Change History
3.0.4 | 11-06-2026 | Updated content ID and version for the AWS Security Hub solution.
3.0.3 | 27-05-2026 | Added new Workbook for AWS Security Hub Compliance
3.0.2 | 27-08-2025 | AWS Security Hub: added Analytic Rule and Hunting Queries
3.0.1 | 27-06-2025 | AWS Security Hub CCF Data Connector moving to GA
3.0.0 | 14-05-2025 | New Data Connector, Pre-Release
