
Findings Not Populating in Security Hub After CrowdStrike Subscription ([security-hub-integration.yaml])

Open AditModi opened this issue 1 year ago • 6 comments

I successfully deployed the CloudFormation template for the CrowdStrike integration with Security Hub link. However, even after subscribing to CrowdStrike findings in the deployed region, I am not seeing any findings populate within Security Hub.

Steps to Reproduce:

  • Deployed the CloudFormation template with necessary parameters.
  • Successfully launched the stack.
  • Subscribed to CrowdStrike findings in the deployed region ([us-east-1]).
  • Verified Security Hub for findings, but none are present.

Expected Behavior:

  • After deployment and subscription, Security Hub should begin receiving and displaying findings from CrowdStrike.

Actual Behavior:

  • No CrowdStrike findings are populating in Security Hub.

Possible Causes:

  • Issue with Lambda function processing detections and submitting findings to Security Hub.
  • Misconfiguration during subscription process within CrowdStrike.

AditModi, Jun 07 '24 04:06
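One way to tell the two possible causes listed in the report apart from the Security Hub side, as an added example that is not part of the issue or of the CrowdStrike template. It assumes boto3 with credentials for the affected account, and that the CrowdStrike product ARN and the findings' company name contain "crowdstrike"/"CrowdStrike"; the function names and return strings are hypothetical.

```python
def crowdstrike_subscriptions(client):
    """Return enabled product-subscription ARNs that mention CrowdStrike."""
    arns, kwargs = [], {}
    while True:
        page = client.list_enabled_products_for_import(**kwargs)
        # Assumption: the CrowdStrike product ARN contains "crowdstrike".
        arns += [a for a in page.get("ProductSubscriptions", [])
                 if "crowdstrike" in a.lower()]
        token = page.get("NextToken")
        if not token:
            return arns
        kwargs = {"NextToken": token}


def crowdstrike_finding_count(client, limit=100):
    """Count up to `limit` findings whose CompanyName starts with CrowdStrike."""
    # Assumption: the integration sets CompanyName to a value beginning "CrowdStrike".
    filters = {"CompanyName": [{"Value": "CrowdStrike", "Comparison": "PREFIX"}]}
    page = client.get_findings(Filters=filters, MaxResults=limit)
    return len(page.get("Findings", []))


def diagnose(client):
    """Classify the state of the integration in the client's region."""
    if not crowdstrike_subscriptions(client):
        # Security Hub is not accepting the product here: subscription side.
        return "no-subscription"
    if crowdstrike_finding_count(client) == 0:
        # Subscribed but nothing imported: look at the submitting Lambda's logs.
        return "subscribed-no-findings"
    return "ok"


if __name__ == "__main__":
    import boto3  # imported here so the functions above can be tested offline

    # us-east-1 is the region named in the report.
    print(diagnose(boto3.client("securityhub", region_name="us-east-1")))
```

A result of `subscribed-no-findings` narrows the problem to the component that submits findings rather than to the subscription itself.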