Certified Security - Specialty


AWS Security Hub – Using the CLI to Export Findings – HEAD SCRATCHER

Hello, 

I have been trying to figure out how to export the findings in AWS Security Hub to use them in reporting. I found a reference to CLI commands that are supposed to be available. 

https://docs.aws.amazon.com/cli/latest/reference/securityhub/get-findings.html

When I try: aws securityhub get-findings 

I get nada, just the standard list of services I can use. In fact there do not seem to be any securityhub commands available. 

Has anyone tried this? Security Hub seems like a great resource but it needs to be reportable. 

Ken

2 Answers

AWS Security Hub is not listed as an Available Service. See https://help.acloud.guru/hc/en-us/articles/360001389256-AWS-Cloud-Sandbox.

That command is correct provided that you specify your region or set up a profile. The problem you will run into with the above command is (TooManyRequestException). You must use a filter or set a max value. Try aws securityhub get-findings --max-items=1

https://docs.aws.amazon.com/cli/latest/reference/securityhub/get-findings.html

ken.dustin

Thank you. I’ll give that a try.

Colehorsman

If you would like to take it a step further, you can add filters. Below I added filters to only return CRITICAL issues that are in a FAIL status:

Colehorsman

aws securityhub get-findings --filters 'SeverityLabel=[{Value=CRITICAL,Comparison=EQUALS}],ComplianceStatus=[{Value=FAILED,Comparison=EQUALS}]'
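
For the reporting goal in the question, the JSON that get-findings prints can be flattened into a CSV. The following is an added example, not part of the original thread: the sample findings are constructed, and the column choice and helper names (safe_cell, flatten, findings_to_csv) are assumptions.

```python
import csv
import io
import json

# Constructed sample shaped like `aws securityhub get-findings` output (ASFF).
# Account IDs, ARNs and titles are made up for illustration.
SAMPLE_OUTPUT = json.dumps({"Findings": [
    {"Id": "finding-1", "AwsAccountId": "111122223333", "Title": "Root user has no MFA",
     "Severity": {"Label": "CRITICAL"}, "Compliance": {"Status": "FAILED"},
     "UpdatedAt": "2024-01-05T10:00:00Z",
     "Resources": [{"Id": "AWS::::Account:111122223333"}]},
    {"Id": "finding-2", "AwsAccountId": "111122223333", "Title": "=bucket-with-odd-name is public",
     "Severity": {"Label": "CRITICAL"}, "Compliance": {"Status": "FAILED"},
     "UpdatedAt": "2024-01-06T11:30:00Z",
     "Resources": [{"Id": "arn:aws:s3:::example-a"}, {"Id": "arn:aws:s3:::example-b"}]},
    {"Id": "finding-3", "AwsAccountId": "111122223333", "Title": "Unusual API call",
     "Severity": {"Label": "HIGH"},  # no Compliance block: not a standards check
     "UpdatedAt": "2024-01-07T09:15:00Z", "Resources": []},
]})

COLUMNS = ["AwsAccountId", "Severity", "ComplianceStatus", "Title", "Resources", "UpdatedAt", "Id"]

def safe_cell(value):
    """Prefix cells a spreadsheet would evaluate as a formula (CSV injection)."""
    return "'" + value if value.startswith(("=", "+", "-", "@")) else value

def flatten(finding):
    """Reduce one ASFF finding to the flat row a report needs."""
    row = {
        "AwsAccountId": finding.get("AwsAccountId", ""),
        "Severity": finding.get("Severity", {}).get("Label", ""),
        "ComplianceStatus": finding.get("Compliance", {}).get("Status", ""),
        "Title": finding.get("Title", ""),
        "Resources": ";".join(r.get("Id", "") for r in finding.get("Resources", [])),
        "UpdatedAt": finding.get("UpdatedAt", ""),
        "Id": finding.get("Id", ""),
    }
    return {k: safe_cell(v) for k, v in row.items()}

def findings_to_csv(raw_json, severity=None, compliance=None):
    """Convert get-findings JSON text to CSV, optionally filtering locally."""
    rows = [flatten(f) for f in json.loads(raw_json).get("Findings", [])]
    rows = [r for r in rows
            if (severity is None or r["Severity"] == severity)
            and (compliance is None or r["ComplianceStatus"] == compliance)]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(findings_to_csv(SAMPLE_OUTPUT, severity="CRITICAL", compliance="FAILED"))
```

Finding titles and resource IDs can contain text chosen by whoever named the resource, which is why cells starting with a formula character are prefixed before the report is opened in a spreadsheet.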
