SecurityHub

Parny supports direct integration with SecurityHub alerts. SecurityHub is a network and system monitoring tool that can create alarms to detect and prevent potential problems. This documentation explains how to redirect alarms created in SecurityHub to a webhook using Parny.

Parny Settings

1. Go to the Parny interface.

2. Navigate to the "Services" section of your organization.

3. Click on the "New Services" option in the upper right corner.

4. Enter the relevant service name.

Service Name Usage: The service name here is independent of the structure and can be chosen according to the preferences of the organization.

5. Select SecurityHub from the list of integrations.

6. Click "Add".

7. After the service is created, the following screen will appear.

• You can now click on the token section of your service and copy your SecurityHub Webhook URL.

SecurityHub Configuration

In this section, we will guide you through "Adding Webhook".

Adding Webhook

1. First, you must go to EventBridge via the AWS Console. Then go to the rules section and select the "Create Rule" option.

2. Then the event definition screen is encountered. Here, the naming is done as follows and the "Event Bus" is selected as default.

3. Pattern definition should be made for Eventbridge. It can be done as follows (Optionally, other parameters that SecurityHub supports can be added).

AWS EventBridge Event Pattern Definition Sample:

{
  "source": ["aws.securityhub"],
  "detail-type": ["Security Hub Findings - Imported"],
  "detail": {
    "findings": {
      "Severity": {
        "Label": ["CRITICAL", "HIGH"]
      },
      "Workflow": {
        "Status": ["NEW", "NOTIFIED"]
      }
    }
  }
}

4. Finally, "Target" should be selected as SNS topic.

5. After all the processes are completed, the settings on the SNS side should be made. The relevant SNS topic is reached.

6. By clicking "Create Subscription", firstly, the Parny Webhook is set. The webhook from Parny should be included here.

7. After checking the relevant Topic ARN, it should be called HTTPS and the Webhook URL should be entered in the Endpoint section. At this point, Parny will automatically do the Subscription process for you. Also, "Enable raw message delivery" must be selected.

Webhook: Make sure that the webhook used here is the webhook you received from Parny Portal and that the relevant token matches the token you viewed on Parny Portal.

With these settings, your SecurityHub alarms will be forwarded to Parny, allowing you to manage them alongside your other alerts within your organization's Parny interface.