Used for questions related to the Amazon Web Services (AWS) Security Hub service.
Questions tagged [aws-security-hub]
31 questions
3 votes, 1 answer
AWS ECS Fargate enforce readonlyfilesystem
I need to enforce on ECS Fargate services 'readonlyrootFileSystem' to reduce Security Hub vulnerabilities.
I thought it was an easy task by just setting it true in the task definition.
But it backfired as the service does not deploy because the…

bruvio
2 votes, 1 answer
Security Hub - AWS Foundational Security Best Practices - S3.2 S3 buckets should prohibit public read access
We have some public read S3 buckets for hosting static web content.
In Security Hub they are being flagged as a 'CRITICAL' failure titled "S3 buckets should prohibit public read access".
The remediation documentation…

Will
2 votes, 0 answers
How to specify which standards are enabled when enabling AWS SecurityHub via Terraform at the organization level
We have deployed AWS SecurityHub across our organization using the following configuration:
resource "aws_securityhub_organization_admin_account" "infosec-security-hub" {
admin_account_id = "12345678"
provider = aws.org-root
}
resource…

immutableT
1 vote, 1 answer
Programmatically Mapping AWS Resource Types to AWS Services
I would like to map AWS Resource Types to AWS Services programmatically when fetching AWS SecurityHub findings. For example, if an AWS SecurityHub finding indicates the affected resource with AwsS3Bucket, I would like to convert that to AWS S3 as…

SyCode
1 vote, 1 answer
SecurityHub Insufficient Permissions
I have a multi-account organization with AWS SSO. I messed with Security Hub a while back and would be able to enable/disable it. A year later I tried using it again but I cannot get into it. I've tried accessing it with my root account, and even…

jazzmasterkc
1 vote, 1 answer
Include OS type (Linux/Windows) in Cloud Custodian's EC2 findings for AWS Security Hub
We have a Cloud Custodian policy for AWS EC2 that posts its findings to AWS Security Hub.
Is there a way to include the EC2 OS type (Linux/Windows) in the details that are sent to Security Hub by Cloud Custodian?
We're pushing Security Hub findings…

Harish KM
1 vote, 1 answer
Enable AWS Security Hub with CloudFormation Templates
The CloudFormation documentation for Security Hub is very limited.
I wonder if it is possible to do the following in CloudFormation:
Enable Security Hub in specified accounts or all accounts for an organization.
There’s a sample script to automate…

voodoo_teddy
1 vote, 0 answers
AWS Config is not appropriately enabled on some accounts alert in organizational securityhub (terraform)
I have deployed Security Hub to a security account in AWS. It shows as connecting to all accounts, but I get multiple errors for:
AWS Config is not appropriately enabled on some accounts AWS Config is
required for Security Hub's security checks.…

Staggerlee011
1 vote, 1 answer
SQL Cookie Rule Flagging
In my scenario the SQL cookie rule is being triggered but the cookies do not have anything malicious in them WAF. Could anyone please let me know why this is?
I've replicated the issue with false positive (blocked valid request) by the Rule SQLi_COOKIE from…

santosh baruah
1 vote, 1 answer
How to automatically enable the ELB Cipher policy specified in the CloudFormation
Policies that I specified under the CloudFormation ELB Policies attribute are not enabled after deployment. I had to enable it manually; until then the old default Policy was in effect. How to automatically enable the ELB Cipher policy specified in the…

auhuman
1 vote, 0 answers
Prevent sending duplicated Security Hub findings to Slack
I am sending new Security Hub findings to a Slack channel; however, the problem is that it is sending the same findings over and over again and it would be very noisy in the channel.
The event rule is as below:
EventRule:
Type:…

Matrix
0 votes, 1 answer
Deploy CloudFormation template using Terraform
I need to set up an automated process to report Security Hub findings regularly to the relevant member account based on AWS account ownership. In my investigation, I found the repository below that does what I was looking…

Stanley
0 votes, 0 answers
Security Hub "The request is rejected since no such resource found." exception using SDK
Getting the following exception while cleaning up Security Hub using the AWS SDK:
The request is rejected since no such resource found.,
in region Asia Pacific (Singapore) (ap-southeast-1)
I have tried cleaning up Security Hub in multiple regions and have…
0 votes, 0 answers
How to filter AWS Security Hub findings from ECR repository name using boto3
I'm writing a Lambda function to get AWS Security Hub findings and export them to another platform to analyze them. I'm using the following code with boto3 to get the findings:
securityhub_client = boto3.client('securityhub')
securityhub_client.get_findings()
it…

Shadow
0 votes, 1 answer
Does AWS S3 Same-Region Replication (SRR) use public or private internet to transfer data?
I'm in need of transferring some highly sensitive data and trying to avoid public internet for egress/ingress traffic.
Trying to find out if AWS uses the private (internal) network to replicate objects or uses the public internet to transfer them,…

Ash