Security RX Cloud provides a unified security and posture management solution to streamline the discovery, management, and remediation process for cloud security findings. This guide walks you through setting up the integration with AWS Security Hub.
Overview
Security RX Cloud uses a polling integration with AWS Security Hub, which is different from the existing webhook-based integration. This polling method allows for more comprehensive data collection and better integration with New Relic's auto-discovery capabilities.
Prerequisites
Before setting up Security RX Cloud, ensure you have:
- A New Relic account with Security RX access and appropriate user permissions
- An AWS account with AWS Security Hub enabled
- Appropriate IAM permissions for the integration
- A New Relic license key for the account you want to report data to
Connect your AWS account
There are two setup paths depending on whether you're a new user or already have an existing AWS integration with New Relic.
For new users
If you're connecting your AWS account to New Relic for the first time:
Navigate to the integration setup
- From the New Relic platform, navigate to Infrastructure > AWS
- Click Add an AWS account and follow the guided instructions
- For detailed guidance on the API polling integration, see our AWS integration documentation
Choose Security Hub Configuration
During the setup process, you'll see integration options including Security Hub Configuration
Select Security Hub Configuration to enable cloud security monitoring
Select Security Hub configurations during the AWS integration setup process.
Choose your preferred setup method:
- CloudFormation (recommended for most users)
- Manual integration (for custom configurations)
- Terraform (for infrastructure as code workflows)
Configure auto-discovery
- When prompted, enable auto-discovery to automatically identify cloud resources
- Select the AWS regions you want to monitor
- Choose your polling frequency:
- 6 hours (more frequent updates)
- 12 hours (standard frequency)
- Save your configuration
Complete the setup
- Follow the remaining guided setup steps
- If using CloudFormation, launch the provided template in your AWS account
- Verify the integration is working by checking for incoming data
For existing AWS integration users
If you already have an AWS account connected to New Relic:
Access integration management
- Navigate to Infrastructure > AWS
- Find your existing AWS account integration
- Click Manage AWS Integration
Install Security Hub integration
- Look for AWS Security Hub in the available integrations list
- If not already configured, you'll see an Install button
- Click Install to begin the setup process
Configure Security Hub settings
- Select your polling frequency (6 or 12 hours)
- Choose which AWS regions to monitor
- Save your configuration
Install auto-discovery (optional but recommended)
- Look for AWS Auto Discovery in the integration list
- If not already enabled, click Install
- Configure regional settings and scanning frequency
- Save the auto-discovery configuration
How auto-discovery works with Security RX Cloud
Security RX Cloud is built to leverage New Relic's core platform capabilities through Cloud 360 auto-discovery:
Resource identification with Cloud 360
When you connect your AWS account and enable Cloud 360 auto-discovery, our system:
- Automatically identifies all your cloud resources (EC2 instances, S3 buckets, RDS databases, Lambda functions, etc.)
- Brings them into New Relic as monitored entities
- Fetches live configuration data for these resources
- Continuously monitors for new resources as your cloud environment evolves
Security enrichment
Security RX Cloud then enhances these entities by:
- Enriching them with security findings from AWS Security Hub
- Providing contextual information about misconfigurations
- Displaying current resource configuration alongside proposed remediation steps
This integration makes it easy to see exactly what's wrong with a resource and how the proposed fix will correct it.
Integration with CSPM vendors
AWS Security Hub options
Security RX Cloud integrates with AWS Security Hub, which can aggregate findings from multiple security tools:
- AWS native services: GuardDuty, Inspector, Config, etc.
- Third-party CSPM tools: Any tool that publishes findings to Security Hub
- Custom security findings: Your own security tools that integrate with Security Hub
Understanding the golden path
For optimal outcomes with Security RX Cloud:
- Enable AWS Security Hub as your central security findings aggregator
- Configure your preferred CSPM tools to publish findings to Security Hub
- Use Cloud 360 auto-discovery to ensure all resources are monitored and contextualized
- Set appropriate polling frequency based on your security requirements
Learn more about AWS cloud integrations in New Relic.
Troubleshooting common setup issues
Integration not showing data
If you don't see security findings after setup:
- Verify AWS Security Hub is enabled in your monitored regions
- Check that your IAM permissions include Security Hub read access
- Confirm that security findings exist in AWS Security Hub
- Wait for the next polling cycle (up to 12 hours depending on your settings)
Auto-discovery not finding resources
If resources aren't being discovered:
- Verify auto-discovery is enabled for the correct regions
- Check IAM permissions for EC2, S3, RDS, and other service read access
- Ensure resources exist in the monitored regions
- Wait for the next discovery scan
Performance considerations
- Choose polling frequency based on your security response requirements
- Monitor usage to ensure you're within your New Relic data limits
- Consider regional scope to focus on your most critical environments
Next steps
After completing the integration setup:
- Review the cloud misconfiguration prioritization guide to understand how findings are scored
- Learn about remediation workflows for fixing misconfigurations
- Choose your workflow based on your role: