steampipe plugin install aws

Table: aws_securityhub_hub - Query AWS Security Hub using SQL

The AWS Security Hub provides a comprehensive view of your high-priority security alerts and compliance status across your AWS accounts. It aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions. The findings are then visually summarized on integrated dashboards with actionable graphs and tables.

Table Usage Guide

The aws_securityhub_hub table in Steampipe provides you with information about Hub resources within AWS Security Hub. This table allows you, as a DevOps engineer, to query Hub-specific details, including the ARN, subscription status, and auto-enable controls. You can utilize this table to gather insights on Hub resources, such as their subscription status, whether auto-enable controls are activated, and more. The schema outlines the various attributes of the Security Hub for you, including the Hub ARN, auto-enable controls status, and associated tags.

Examples

Basic info

Explore which AWS Security Hub settings are automatically enabling controls and when they were subscribed to, across different regions. This can help in managing security protocols and ensuring timely compliance across the organization's AWS infrastructure.

select
  hub_arn,
  auto_enable_controls,
  subscribed_at,
  region
from
  aws_securityhub_hub;

List hubs that do not automatically enable new controls

Identify hubs within the AWS Security Hub service that have not been configured to automatically enable new controls. This can be useful in assessing the level of manual intervention required in your security management process.

Postgres:

select
  hub_arn,
  auto_enable_controls
from
  aws_securityhub_hub
where
  not auto_enable_controls;

SQLite:

select
  hub_arn,
  auto_enable_controls
from
  aws_securityhub_hub
where
  auto_enable_controls = 0;

List administrator account details for the hub

Explore the details of administrator accounts in the security hub, including invitation status and time, to manage and monitor account usage. This is particularly useful in tracking the status of administrator invitations and maintaining security controls.

Postgres:

select
  hub_arn,
  auto_enable_controls,
  administrator_account ->> 'AccountId' as administrator_account_id,
  administrator_account ->> 'InvitationId' as administrator_invitation_id,
  administrator_account ->> 'InvitedAt' as administrator_invitation_time,
  administrator_account ->> 'MemberStatus' as administrator_status
from
  aws_securityhub_hub
where
  administrator_account is not null;

SQLite:

select
  hub_arn,
  auto_enable_controls,
  json_extract(administrator_account, '$.AccountId') as administrator_account_id,
  json_extract(administrator_account, '$.InvitationId') as administrator_invitation_id,
  json_extract(administrator_account, '$.InvitedAt') as administrator_invitation_time,
  json_extract(administrator_account, '$.MemberStatus') as administrator_status
from
  aws_securityhub_hub
where
  administrator_account is not null;
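
Find regions with no hub, or with a hub that does not auto-enable controls

The queries above only return rows for regions where a hub exists, so a region without Security Hub is simply absent from the results. The following is an added example, not part of the original Steampipe documentation: it assumes the aws_region table from the same AWS plugin (columns name, opt_in_status, account_id) and left-joins it to aws_securityhub_hub to surface coverage gaps. The status labels are constructed for this example.

```sql
-- Added example (Postgres syntax), not from the plugin documentation.
-- Assumption: aws_region is available from the same Steampipe AWS plugin.
select
  r.account_id,
  r.name as region,
  case
    -- Region is not enabled for the account, so there is nothing to check.
    when r.opt_in_status = 'not-opted-in' then 'skip'
    -- Region is usable but has no Security Hub hub: findings are not aggregated here.
    when h.hub_arn is null then 'alarm'
    -- Hub exists, but new controls added to enabled standards must be turned on manually.
    when not h.auto_enable_controls then 'info'
    else 'ok'
  end as status,
  h.hub_arn,
  h.subscribed_at
from
  aws_region as r
  left join aws_securityhub_hub as h
    on h.account_id = r.account_id
    and h.region = r.name
order by
  r.account_id,
  r.name;
```

Rows with status 'alarm' are the regions to review first, since activity there produces no Security Hub findings.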

Schema for aws_securityhub_hub

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | The AWS Account ID in which the resource is located. |
| administrator_account | jsonb | | Provides the details for the Security Hub administrator account for the current member account. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| auto_enable_controls | boolean | | Whether to automatically enable new controls when they are added to standards that are enabled. |
| hub_arn | text | = | The ARN of the Hub resource that was retrieved. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| subscribed_at | timestamp with time zone | | The date and time when Security Hub was enabled in the account. |
| tags | jsonb | | A map of tags for the resource. |
| title | text | | The title of hub. This is a constant value 'default'. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_securityhub_hub