Configuration parameters
roleArn— Role ArnroleSessionName— Role Session NamedefaultRegion— AWS Default Region (required)sessionDuration— Role Session Durationcredentials— Access Keyaccess_key— Access Keysecret_key— Secret Keytimeout— Timeoutretries— Retriesendpoint_url— PrivateLink service URL.sts_endpoint_url— STS PrivateLink URL.sts_regional_endpoint— AWS STS Regional EndpointsisFetch— Fetch incidentsfirst_fetch_timestamp— First fetch time (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)incidentType— Incident typesh_severity— Security Hub Incidents Severity LeveladditionalFilters— Additional Incidents FiltersarchiveFindings— Change findings workflow to 'NOTIFIED'insecure— Trust any certificate (not secure)proxy— Use system proxy settingsmirror_direction— Incident Mirroring Directionresolve_finding— Resolve findings of closed incidents from XSOAR in AWS Security Hubfinding_type— Finding Typeworkflow_status— Workflow Statusproduct_name— Product Name
Commands (9)
-
aws-securityhub-batch-update-findingsUsed by Security Hub customers to update information about their investigation into a finding. Requested by master accounts or member accounts. Master accounts can update findings for their account and their member accounts. Member accounts can update findings for their account. Updates from BatchUpdateFindings do not affect the value of UpdatedAt for a finding. Master accounts can use BatchUpdateFindings to update the following finding fields and objects. * Confidence * Criticality * Note * RelatedFindings * Severity * Types * UserDefinedFields * VerificationState * Workflow Member accounts can only use BatchUpdateFindings to update the Note object.
-
aws-securityhub-disable-security-hubDisables Security Hub in your account only in the current Region. To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub. When you disable Security Hub for a master account, it doesn't disable Security Hub for any associated member accounts. When you disable Security Hub, your existing findings and insights and any Security Hub configuration settings are deleted after 90 days and can't be recovered. Any standards that were enabled are disabled, and your master and member account associations are removed. If you want to save your existing findings, you must export them before you disable Security Hub.
-
aws-securityhub-enable-security-hubEnables Security Hub for your account in the current Region or the Region you specify in the request. Enabling Security Hub also enables the CIS AWS Foundations standard. When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from AWS Config, Amazon GuardDuty, Amazon Inspector, and Amazon Macie. To learn more, see Setting Up AWS Security Hub.
-
aws-securityhub-get-findingsReturns a list of findings that match the specified criteria.
-
aws-securityhub-get-master-accountProvides the details for the Security Hub master account to the current member account.
-
aws-securityhub-list-membersLists details about all member accounts for the current Security Hub master account.
-
aws-securityhub-update-findingsDeprecatedDeprecated, use aws-securityhub-batch-update-findings instead.
-
get-mapping-fieldsReturns the list of fields to map in outgoing mirroring. This command is only used for debugging purposes.
-
get-remote-dataGet remote data from a remote incident. This method does not update the current incident, and should be used for debugging purposes only.