From afe99ba05ca37817e3828c92f15aa8344cf66461 Mon Sep 17 00:00:00 2001
From: suhailc
Date: Wed, 11 Dec 2019 12:41:06 +0000
Subject: [PATCH] Create SecurityHubFindingsToSlack_cloudwatch_rule.txt

added a cloudwatch rule example to send only HIGH and CRITICAL events to Slack
---
SecurityHubFindingsToSlack_cloudwatch_rule.txt | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 SecurityHubFindingsToSlack_cloudwatch_rule.txt

diff --git a/SecurityHubFindingsToSlack_cloudwatch_rule.txt b/SecurityHubFindingsToSlack_cloudwatch_rule.txt
new file mode 100644
index 0000000..1a88796
--- /dev/null
+++ b/SecurityHubFindingsToSlack_cloudwatch_rule.txt
@@ -0,0 +1,15 @@
+{
+ "source": [
+ "aws.securityhub"
+ ],
+ "detail": {
+ "findings": {
+ "ProductFields": {
+ "aws/securityhub/SeverityLabel": [
+ "HIGH",
+ "CRITICAL"
+ ]
+ }
+ }
+ }
+}
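Review bot: The pattern has no `detail-type` key, so it matches any `aws.securityhub` event whose findings carry the label, not only newly imported findings. Adding `"detail-type": ["Security Hub Findings - Imported"],` after the `source` array would scope it to those. The severity filter keys on `ProductFields."aws/securityhub/SeverityLabel"`, so a finding that lacks that product field would presumably never match and would be missing from the Slack feed without any error. It is worth confirming that every integrated provider populates it, or matching on the finding's `Severity` object instead. Because the file holds strict JSON, this caveat cannot be a comment in the rule itself and belongs in the repository's documentation next to the example.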