🔥 3-day streak
AWS Certified Security - Specialty159 / 184
Question 159 of 184
A security team uses AWS Security Hub as the aggregation point for findings from GuardDuty, Amazon Inspector, and third-party partner products across a multi-account AWS Organizations environment. They want any finding with a severity label of CRITICAL to automatically create an incident ticket in their external ITSM system, while all other findings continue to be reviewed manually in the console. The solution must be fully event-driven, require no polling, and add no custom code to normalize the different finding formats from each source. Which approach best meets these requirements?
Reviewed for accuracy · Report an issueNext question