v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Steampipe logo 
Hub
Plugins
turbot/aws
Overview
496Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install aws

Table: aws_securityhub_enabled_product_subscription - Query AWS Security Hub Enabled Product Subscriptions using SQL

AWS Security Hub provides a comprehensive view of your security alerts and compliance status across AWS accounts. By enabling specific security products, you can centralize and analyze security findings from various AWS services and partner solutions. The aws_securityhub_enabled_product_subscription table in Steampipe allows you to query information about the security products that have been enabled in AWS Security Hub.

Table Usage Guide

The aws_securityhub_enabled_product_subscription table enables security analysts and cloud administrators to gather detailed insights into the products that are enabled in AWS Security Hub. You can query various aspects of these products, such as their activation URLs, integration types, categories, and company details. This table is particularly useful for monitoring the active security products, managing integrations, and ensuring that your security tools are configured correctly.

Examples

Basic product information

Retrieve basic information about the enabled security product subscriptions.

select
  arn,
  title,
  akas
from
  aws_securityhub_enabled_product_subscription;
select
  arn,
  title,
  akas
from
  aws_securityhub_enabled_product_subscription;

List products for enabled subscriptions

Identify all products for the subscriptions that are enabled.

select
  s.arn as subscription_arn,
  p.product_arn,
  p.name as product_name,
  p.company_name as product_company_name,
  p.marketplace_url,
  p.integration_types
from
  aws_securityhub_enabled_product_subscription as s,
  aws_securityhub_product as p,
  jsonb_array_elements(
    p.product_subscription_resource_policy -> 'Statement'
  ) as m
where
  (m ->> 'Resource') = s.arn;
select
  s.arn as subscription_arn,
  p.product_arn,
  p.name as product_name,
  p.company_name as product_company_name,
  p.marketplace_url,
  p.integration_types
from
  aws_securityhub_enabled_product_subscription s,
  aws_securityhub_product p,
  json_each(
    p.product_subscription_resource_policy,
    '$.Statement'
  ) as m
where
  json_extract(m.value, '$.Resource') = s.arn;

Schema for aws_securityhub_enabled_product_subscription

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
arntextThe Amazon Resource Name (ARN) of the product subscription.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
regiontextThe AWS Region in which the resource is located.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextTitle of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_securityhub_enabled_product_subscription