aws.securityhub-finding

AWS SecurityHub Findings

example:

Use the default filter set, which includes active unresolved findings that have failed compliance checks

policies:
  - name: aws-security-hub-findings
    resource: aws.securityhub-finding

example:

Show findings for a specific control ID, overriding default filters

policies:
  - name: aws-security-hub-findings
    resource: aws.securityhub-finding
    query:
      - Filters:
          ComplianceSecurityControlId:
            - Comparison: EQUALS
              Value: RDS.23

Reference for available filters:

https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html#API_GetFindings_RequestSyntax

Filters

• event

• list-item

• ops-item

• reduce

• value

Actions

• invoke-lambda

• invoke-sfn

• notify

• post-finding

• post-item

• put-metric

• webhook