AWS - Security Hub

Amazon Web Services Security Hub Service.

IT Services · AWS - Security Hub

Configuration parameters

  • roleArn — Role Arn
  • roleSessionName — Role Session Name
  • defaultRegion — AWS Default Region (required)
  • sessionDuration — Role Session Duration
  • credentials — Access Key
  • access_key — Access Key
  • secret_key — Secret Key
  • timeout — Timeout
  • retries — Retries
  • endpoint_url — PrivateLink service URL.
  • sts_endpoint_url — STS PrivateLink URL.
  • sts_regional_endpoint — AWS STS Regional Endpoints
  • isFetch — Fetch incidents
  • first_fetch_timestamp — First fetch time (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)
  • incidentType — Incident type
  • sh_severity — Security Hub Incidents Severity Level
  • additionalFilters — Additional Incidents Filters
  • archiveFindings — Change findings workflow to 'NOTIFIED'
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • mirror_direction — Incident Mirroring Direction
  • resolve_finding — Resolve findings of closed incidents from XSOAR in AWS Security Hub
  • finding_type — Finding Type
  • workflow_status — Workflow Status
  • product_name — Product Name

Commands (9)

  • aws-securityhub-batch-update-findings

    Used by Security Hub customers to update information about their investigation into a finding. Requested by master accounts or member accounts. Master accounts can update findings for their account and their member accounts. Member accounts can update findings for their account. Updates from BatchUpdateFindings do not affect the value of UpdatedAt for a finding. Master accounts can use BatchUpdateFindings to update the following finding fields and objects. * Confidence * Criticality * Note * RelatedFindings * Severity * Types * UserDefinedFields * VerificationState * Workflow Member accounts can only use BatchUpdateFindings to update the Note object.

  • aws-securityhub-disable-security-hub

    Disables Security Hub in your account only in the current Region. To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub. When you disable Security Hub for a master account, it doesn't disable Security Hub for any associated member accounts. When you disable Security Hub, your existing findings and insights and any Security Hub configuration settings are deleted after 90 days and can't be recovered. Any standards that were enabled are disabled, and your master and member account associations are removed. If you want to save your existing findings, you must export them before you disable Security Hub.

  • aws-securityhub-enable-security-hub

    Enables Security Hub for your account in the current Region or the Region you specify in the request. Enabling Security Hub also enables the CIS AWS Foundations standard. When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from AWS Config, Amazon GuardDuty, Amazon Inspector, and Amazon Macie. To learn more, see Setting Up AWS Security Hub.

  • aws-securityhub-get-findings

    Returns a list of findings that match the specified criteria.

  • aws-securityhub-get-master-account

    Provides the details for the Security Hub master account to the current member account.

  • aws-securityhub-list-members

    Lists details about all member accounts for the current Security Hub master account.

  • aws-securityhub-update-findings Deprecated

    Deprecated, use aws-securityhub-batch-update-findings instead.

  • get-mapping-fields

    Returns the list of fields to map in outgoing mirroring. This command is only used for debugging purposes.

  • get-remote-data

    Get remote data from a remote incident. This method does not update the current incident, and should be used for debugging purposes only.