steampipe plugin install awssteampipe plugin install aws

Table: aws_auditmanager_evidence_folder - Query AWS Audit Manager Evidence Folders using SQL

The AWS Audit Manager Evidence Folders are used to organize and store evidence collected for assessments. This evidence can be automatically collected by AWS Audit Manager or manually uploaded by users. The evidence folders help in managing compliance audits and providing detailed proof of how the data is being handled within the AWS environment.

Table Usage Guide

The aws_auditmanager_evidence_folder table in Steampipe provides you with information about evidence folders within AWS Audit Manager. This table allows you, as a DevOps engineer, to query evidence folder-specific details, including the ID, ARN, name, date created, and associated metadata. You can utilize this table to gather insights on evidence folders, such as the total count of evidence in the folder, the status of the evidence, verification of evidence source, and more. The schema outlines the various attributes of the evidence folder for you, including the evidence folder ID, ARN, creation date, and associated tags.

Examples

Basic info

Explore which evidence folders exist within your AWS Audit Manager to better manage and assess your compliance controls and evidence. This can help you identify areas where you might need to gather additional evidence or focus your auditing efforts.

select
  name,
  id,
  arn,
  assessment_id,
  control_set_id,
  control_id,
  total_evidence
from
  aws_auditmanager_evidence_folder;

select
  name,
  id,
  arn,
  assessment_id,
  control_set_id,
  control_id,
  total_evidence
from
  aws_auditmanager_evidence_folder;

Count the number of evidence folders by assessment ID

Explore how many evidence folders are associated with each assessment in your AWS Audit Manager. This is useful for understanding the volume of evidence collected for each audit, aiding in audit management and review processes.

select
  assessment_id,
  count(id) as evidence_folder_count
from
  aws_auditmanager_evidence_folder
group by
  assessment_id;

select
  assessment_id,
  count(id) as evidence_folder_count
from
  aws_auditmanager_evidence_folder
group by
  assessment_id;

Schema for aws_auditmanager_evidence_folder

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
arn	text		The Amazon Resource Name (ARN) specifying the evidence folder.
assessment_id	text	=	The identifier for the specified assessment.
assessment_report_selection_count	bigint		The total count of evidence included in the assessment report.
author	text		The name of the user who created the evidence folder.
control_id	text		The unique identifier for the specified control.
control_name	text		The name of the control.
control_set_id	text	=	The identifier for the control set.
data_source	text		The AWS service from which the evidence was collected.
date	timestamp with time zone		The date when the first evidence was added to the evidence folder.
evidence_aws_service_source_count	bigint		The total number of AWS resources assessed to generate the evidence.
evidence_by_type_compliance_check_count	bigint		The number of evidence that falls under the compliance check category.
evidence_by_type_compliance_check_issues_count	bigint		The total number of issues that were reported directly from AWS Security Hub, AWS Config, or both.
evidence_by_type_configuration_data_count	bigint		The number of evidence that falls under the configuration data category.
evidence_by_type_manual_count	bigint		The number of evidence that falls under the manual category.
evidence_by_type_user_activity_count	bigint		The number of evidence that falls under the user activity category.
evidence_resources_included_count	bigint		The amount of evidence included in the evidence folder.
id	text	=	The identifier for the folder in which evidence is stored.
name	text		The name of the specified evidence folder.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
region	text		The AWS Region in which the resource is located.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
title	text		Title of the resource.
total_evidence	bigint		The total amount of evidence in the evidence folder.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_auditmanager_evidence_folder