Table: aws_securityhub_hub - Query AWS Security Hub using SQL
The AWS Security Hub provides a comprehensive view of your high-priority security alerts and compliance status across your AWS accounts. It aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions. The findings are then visually summarized on integrated dashboards with actionable graphs and tables.
Table Usage Guide
The aws_securityhub_hub table in Steampipe provides you with information about Hub resources within AWS Security Hub. This table allows you, as a DevOps engineer, to query Hub-specific details, including the ARN, subscription status, and auto-enable controls. You can utilize this table to gather insights on Hub resources, such as their subscription status, whether auto-enable controls are activated, and more. The schema outlines the various attributes of the Security Hub for you, including the Hub ARN, auto-enable controls status, and associated tags.
Examples
Basic info
Explore which AWS Security Hub settings are automatically enabling controls and when they were subscribed to, across different regions. This can help in managing security protocols and ensuring timely compliance across the organization's AWS infrastructure.
select
  hub_arn,
  auto_enable_controls,
  subscribed_at,
  region
from
  aws_securityhub_hub;
List hubs that do not automatically enable new controls
Identify hubs within the AWS Security Hub service that have not been configured to automatically enable new controls. This can be useful in assessing the level of manual intervention required in your security management process.
PostgreSQL:

select
  hub_arn,
  auto_enable_controls
from
  aws_securityhub_hub
where
  not auto_enable_controls;

SQLite:

select
  hub_arn,
  auto_enable_controls
from
  aws_securityhub_hub
where
  auto_enable_controls = 0;
List administrator account details for the hub
Explore the details of administrator accounts in the security hub, including invitation status and time, to manage and monitor account usage. This is particularly useful in tracking the status of administrator invitations and maintaining security controls.
PostgreSQL:

select
  hub_arn,
  auto_enable_controls,
  administrator_account ->> 'AccountId' as administrator_account_id,
  administrator_account ->> 'InvitationId' as administrator_invitation_id,
  administrator_account ->> 'InvitedAt' as administrator_invitation_time,
  administrator_account ->> 'MemberStatus' as administrator_status
from
  aws_securityhub_hub
where
  administrator_account is not null;

SQLite:

select
  hub_arn,
  auto_enable_controls,
  json_extract(administrator_account, '$.AccountId') as administrator_account_id,
  json_extract(administrator_account, '$.InvitationId') as administrator_invitation_id,
  json_extract(administrator_account, '$.InvitedAt') as administrator_invitation_time,
  json_extract(administrator_account, '$.MemberStatus') as administrator_status
from
  aws_securityhub_hub
where
  administrator_account is not null;
Control examples
- AWS Security Hub should be enabled for an AWS Account
- CIS v1.5.0 > 4 Monitoring > 4.16 Ensure AWS Security Hub is enabled
- CIS v2.0.0 > 4 Monitoring > 4.16 Ensure AWS Security Hub is enabled
- CIS v3.0.0 > 4 Monitoring > 4.16 Ensure AWS Security Hub is enabled
- CIS v4.0.0 > 4 Monitoring > 4.16 Ensure AWS Security Hub is enabled
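The "Security Hub is enabled" controls above need to report regions where no hub exists, which a query against aws_securityhub_hub alone cannot show. The following added example (not taken from the Steampipe project or its compliance mods) left-joins from a region inventory instead. It assumes the aws_region table from the same AWS plugin, with name, account_id and opt_in_status columns, and that aws_securityhub_hub returns no row for a region where Security Hub is not enabled.

```sql
-- Added example, PostgreSQL syntax: per-region Security Hub coverage.
-- Assumption: aws_region (name, account_id, opt_in_status) comes from the
-- same Steampipe AWS plugin; it is not described on this page.
-- Assumption: a region without Security Hub yields no row in
-- aws_securityhub_hub, so the left join leaves h.hub_arn null there.
select
  r.account_id,
  r.name as region,
  h.hub_arn,
  h.subscribed_at,
  case
    when r.opt_in_status = 'not-opted-in' then 'skip'
    when h.hub_arn is null then 'alarm'
    when not h.auto_enable_controls then 'info'
    else 'ok'
  end as status,
  case
    when r.opt_in_status = 'not-opted-in'
      then 'Region is not opted in for this account.'
    when h.hub_arn is null
      then 'Security Hub is not enabled in this region.'
    when not h.auto_enable_controls
      then 'Security Hub is enabled, but new controls must be enabled manually.'
    else 'Security Hub is enabled and new controls are enabled automatically.'
  end as reason,
  -- Present only for member accounts managed by an administrator account.
  h.administrator_account ->> 'AccountId' as administrator_account_id,
  h.administrator_account ->> 'MemberStatus' as administrator_status
from
  aws_region as r
  left join aws_securityhub_hub as h
    on h.account_id = r.account_id
    and h.region = r.name
order by
  status,
  r.account_id,
  r.name;
```

With a multi-account aggregator connection, the join on account_id keeps each account's regions separate, so one account's hub does not mask a gap in another.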
Schema for aws_securityhub_hub
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
administrator_account | jsonb | | Provides the details for the Security Hub administrator account for the current member account. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
auto_enable_controls | boolean | | Whether to automatically enable new controls when they are added to standards that are enabled. |
hub_arn | text | = | The ARN of the Hub resource that was retrieved. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
region | text | | The AWS Region in which the resource is located. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
subscribed_at | timestamp with time zone | | The date and time when Security Hub was enabled in the account. |
tags | jsonb | | A map of tags for the resource. |
title | text | | The title of hub. This is a constant value 'default'. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_securityhub_hub