This quick start enables customers of Datadog's security platform to send security signals from Datadog to AWS Security Hub. It uses CloudFormation, an accompanying Lambda function, and Datadog's integration with EventBridge to create a one-way integration from Datadog's security products to AWS Security Hub.
If you would like to send security alerts from AWS Security Hub to Datadog, you should instead follow these steps.
- `jq` installed on your command line
- Valid AWS credentials capable of deploying this project
- AWS SAM (Serverless Application Model CLI)
- Configure the Datadog EventBridge Integration. Documentation exists for this here.
- In Datadog, create a security notification rule naming @awseventbridge-YOUR_BRIDGE_NAME as the destination.
- Deploy the SAM template. You'll need to provide the EventBridge bus name and the ARN of your SecurityHub.
SecurityHub ARNs can be found by running `aws securityhub describe-hub | jq .HubArn` in the region that you'd like to aggregate all Datadog findings in.
The prototype ships findings from Datadog to SecurityHub that contain the tag `iaas:aws`.
Any other custom alert can be sent as well by adding the tag `securityhub` to it.
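The tag filter described above, together with a minimal mapping to the AWS Security Finding Format (ASFF), as an added example that is not this project's Lambda code. The signal shape (`id`, `title`, `severity`, `tags`, `message`), the function names and the sample values are assumptions; the product ARN is the account's default custom-findings product, derived from the hub ARN supplied at deploy time.

```python
from datetime import datetime, timezone

FORWARD_TAGS = {"iaas:aws", "securityhub"}  # the two tags named in this README
# Assumed Datadog severity names mapped to ASFF Severity.Label values.
SEVERITY = {"info": "INFORMATIONAL", "low": "LOW", "medium": "MEDIUM",
            "high": "HIGH", "critical": "CRITICAL"}

def should_forward(tags):
    """True when a signal carries at least one forwarding tag."""
    return any(t.strip() in FORWARD_TAGS for t in tags)

def product_arn_from_hub(hub_arn):
    """Derive the default custom-findings product ARN from a hub ARN."""
    parts = hub_arn.split(":")
    if len(parts) != 6 or parts[2] != "securityhub" or not parts[5].startswith("hub/"):
        raise ValueError(f"not a Security Hub ARN: {hub_arn!r}")
    partition, region, account = parts[1], parts[3], parts[4]
    return f"arn:{partition}:securityhub:{region}:{account}:product/{account}/default"

def to_asff(signal, hub_arn, now=None):
    """Map a signal (hypothetical shape) to an ASFF finding; None if filtered out."""
    if not should_forward(signal.get("tags", [])):
        return None
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {
        "SchemaVersion": "2018-10-08",
        "Id": f"datadog/{signal['id']}",
        "ProductArn": product_arn_from_hub(hub_arn),
        "GeneratorId": "datadog-security-signal",  # hypothetical generator name
        "AwsAccountId": hub_arn.split(":")[4],
        "Types": ["Unusual Behaviors"],
        "CreatedAt": ts,
        "UpdatedAt": ts,
        # Unknown severities fall back to the lowest label rather than failing.
        "Severity": {"Label": SEVERITY.get(signal.get("severity", "info"), "INFORMATIONAL")},
        "Title": signal["title"][:256],              # ASFF caps Title at 256 chars
        "Description": signal.get("message", signal["title"])[:1024],
        "Resources": [{"Type": "Other", "Id": signal["id"]}],
    }

# Constructed sample inputs (not real data).
HUB_ARN = "arn:aws:securityhub:us-east-1:123456789012:hub/default"
SAMPLE = {"id": "sig-0001", "title": "Root login detected", "severity": "high",
          "tags": ["iaas:aws", "env:prod"]}
```

Signals without either tag return `None` and are never submitted, so a missing finding in Security Hub is first a tagging question, not a delivery failure.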
Example Datadog security signal viewed in AWS Security Hub:
- Run `make build`. This builds the testing Docker container.
- Run `make test`.
- Prior to committing code, please format using `make format`.
This project is licensed under the Apache 2 License

