Description

Update existing documentation to reflect new AWS Security Hub integrations and branding.

1. Rebrand the existing integration:
   In the current docs, update the name AWS Security Hub to AWS Security Hub CSPM to match the vendor’s latest branding. This integration continues to ship only misconfiguration data and support enumeration in native misconfiguration workflows.
2. Add documentation for the new integration:
   We’ve introduced a new integration called AWS Security Hub, which is currently in tech preview. This integration uses the AWS Security Hub API to collect Findings in OCSF format and currently supports ingesting vulnerability findings, which are then surfaced in Elastic’s native vulnerability workflows.
3. Documentation placement:
   Please add an entry for the new AWS Security Hub integration under Ingest third-party security data

Resources

https://github.com/elastic/security-team/issues/13733
elastic/integrations#15932

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

The feature is identical in all deployment methods

What release is this request related to?

9.3

Serverless release

The week of December 15, 2025

Collaboration model

The documentation team

Point of contact.

Main contact: @nick-alayil

Stakeholders: @kcreddy