Disabling the flow of findings from a Security Hub CSPM integration - AWS Security Hub
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

Disabling the flow of findings from a Security Hub CSPM integration

Choose your preferred method, and follow the steps to disable the flow of findings from an AWS Security Hub CSPM integration.

Security Hub CSPM console
To disable the flow of findings from an integration (console)

  1. Open the AWS Security Hub CSPM console at https://eusc-de-east-1.console.amazonaws-eusc.eu/securityhub/.

  2. In the Security Hub CSPM navigation pane, choose Integrations.

  3. For integrations that send findings, the Status information indicates whether Security Hub CSPM is currently accepting findings from that integration.

  4. Choose Stop accepting findings.

Security Hub CSPM API

Use the DisableImportFindingsForProduct operation. If you're using the AWS CLI, run the disable-import-findings-for-product command. To disable the flow of findings from an integration, you need the subscription ARN for the enabled integration. To obtain the subscription ARN, use the ListEnabledProductsForImport operation. If you're using the AWS CLI, run the list-enabled-products-for-import.

For example, the following AWS CLI command disables the flow of findings to Security Hub CSPM from the CrowdStrike Falcon integration. This example is formatted for Linux, macOS, or Unix, and it uses the backslash (\) line-continuation character to improve readability.

$ aws securityhub disable-import-findings-for-product --product-subscription-arn "arn:aws-eusc:securityhub:us-west-1:123456789012:product-subscription/crowdstrike/crowdstrike-falcon"