Hello Community,

Some great news for Security and Risk applications users running AWS workloads.

ServiceNow and AWS have expanded their partnership to provide security incident automation & orchestration to your security alerts coming from cloud infrastructure hosted in AWS.

	AWS Security Hub provides customers with a single place that aggregates, organizes and prioritizes security alerts from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector and Amazon Macie, as well as from AWS Partner solutions. With this new partnership, Security Operations will provide data-driven and automated incident response to AWS customers.

Once an alert is generated in Security Hub that meets defined criteria, an incident or ticket is created in Security Operations. For example, in Security Operations, threat lookups and observable enrichment are automatically run on the security incidents, and the operator can assign predefined workflows aligned to the incident category (e.g. malware, phishing, etc.). Analysts can also manually forward selected events on-demand from the AWS Security Hub console.

Using built-in workflows, ServiceNow then routes the incident to the correct personnel or response tools to contain the threat. Post-incident reporting, customizable dashboards and metrics help teams improve processes going forward and provide a view of the overall security posture.

If you are interested in joining the early adopter program, please sign up here.

The team will get in touch with you for next steps.

Demo:

For more information