My integration with Security Hub appears to have stopped working and is not creating alerts.
I can see in the logs that it is receiving them, but it doesn't appear to create any alerts.
I have received the "Subscription confirmed" alert and get them when publishing messages directly from the SNS topic, but not when using custom actions from Security Hub.
Here are the logs
```
[AmazonSecurityHub-Custom] Processed incomingData
2025/05/12 16:52:47.708
[AmazonSecurityHub-Custom] Started to execute action: Create Alert
2025/05/12 16:52:47.698
Hello @Dan Williams
Thank you for contacting the Atlassian Community! This is Mubeen, I am here to help!
I can see the logs you shared confirm that the Security Hub integration is able to receive data to the Opsgenie instance. So this confirms this could be a simple issue with alert being deduplicated
After the section where you noticed the processing of incoming data, you can further verify the logs to check if the alert is being deduplicated. Alert deduplication occurs based on the Alias values included in the alert. You may also consider triggering a new alert after closing all existing open alerts generated through the Security Hub integration to rule out the possibility of deduplication.
I hope the details provided are helpful!
Regards
Mubeen Mohammed
Cloud Support Engineer
Thanks for the reply
I don't believe it's a deduplication issue, as the alert wasn't even created. I can't see anywhere in the logs to suggest it was created.
I gave up in the end with the Security Hub integration and tried it with an Amazon SNS integration instead, and it works fine with that. The only issue being is the message comes through as a JSON object and I wasn't able to parse it into meaningful properties.
One thing to note is that I created the integration using Terraform provider and when I tried to manually edit the incoming alert rule it complained about the region being missing. I tried to add it as a property but it wouldn't work.
I then set up a Jira Service Management trial as I'm aware OpsGenie is being retired and the Security Hub integration works perfectly fine, so I'll probably just stick with that once we fully migrate.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello @Dan Williams
Thank you for following up and providing additional details regarding your integration issue.
It's great to hear that your Amazon SNS integration is working, although I understand the challenge with parsing the JSON object into meaningful properties. Regarding the issue with the Security Hub integration created via the Terraform provider, it sounds like there might have been a configuration issue, especially since you mentioned an error related to the region when attempting to manually edit the incoming alert rule.
Given this, your plan to transition to Jira Service Management seems like a solid approach, especially since you confirmed that the Security Hub integration works seamlessly there. This migration might offer a more streamlined experience, considering Opsgenie's end of life.
If you need further technical assistance or would like to delve deeper into the integration setup, I recommend opening a support request with our team. You can reach out through our support portal here: Atlassian Support. This will allow us to look into your instance details more closely and provide you with tailored support.
I hope the details provided are helpful!
Regards
Mubeen Mohammed
Cloud Support Engineer
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Online forums and learning are now in one easy-to-use experience.
By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.