diff --git a/SecurityHubFindingsToSlack_cloudwatch_rule.txt b/SecurityHubFindingsToSlack_cloudwatch_rule.txt
new file mode 100644
index 0000000..1a88796
--- /dev/null
+++ b/SecurityHubFindingsToSlack_cloudwatch_rule.txt
@@ -0,0 +1,15 @@
+{
+  "source": [
+    "aws.securityhub"
+  ],
+  "detail": {
+    "findings": {
+      "ProductFields": {
+        "aws/securityhub/SeverityLabel": [
+          "HIGH",
+          "CRITICAL"
+        ]
+      }
+    }
+  }
+}