[meta] Update AWS Security Hub integration to Leverage Native Cloud Security Workflows #15423

@kcreddy

Description

As part of the effort to leverage Cloud Security workflows such as Elastic CSPM and CNVM for 3rd party integrations, the vulnerabilities data from AWS Security Hub needs to be enriched just like previous enhancements for Wiz, AWS Security Hub, and Qualys VMDR.

For this work, a new data stream needs to be created which ingests vulnerability findings from AWS Security Hub to support the Elastic CNVM workflow.

Goals

  • Capture vulnerability findings aggregated in Security Hub (e.g., from Amazon Inspector).
  • Map them into ECS following the CDR guide to ensure consistency with native Elastic Cloud Security features.
  • Enable customers to analyze vulnerabilities alongside misconfigurations in Elastic’s unified Cloud Security Findings pages.

Tasks:
