steampipe plugin install aws

Table: aws_securityhub_product - Query AWS Security Hub Products using SQL

AWS Security Hub is a service that provides a comprehensive view of your high-priority security alerts and compliance status across AWS accounts. It aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions. The findings are then visually summarized on integrated dashboards with actionable graphs and tables.

Table Usage Guide

The aws_securityhub_product table in Steampipe provides you with information about security products within AWS Security Hub. This table allows you as a security analyst or DevOps engineer to query product-specific details, including product ARN, product name, company name, description, and marketplace URL. You can use this table to gather insights on security products, such as their activation URL, supported integration types, and more. The schema at the end of this page lists every attribute available for a product.

Examples

Basic info

Explore which security products are in use within your AWS environment and gain insights into their associated companies and descriptions. This information can be valuable for auditing purposes, compliance checks, or for understanding the overall security posture of your AWS infrastructure.

select
  name,
  product_arn,
  company_name,
  description
from
  aws_securityhub_product;

List products provided by AWS

Discover the range of products provided directly by AWS, enabling you to understand the scope of services and solutions offered by the company. This can assist in identifying potential resources for your specific needs.

select
  name,
  company_name,
  description
from
  aws_securityhub_product
where
  company_name = 'AWS';

List products that send findings to Security Hub

Identify the products whose supported integration types include sending findings to Security Hub. The integration_types column describes what a product supports, so this shows which products can feed findings into Security Hub. This can be particularly useful for organizations looking to enhance their security posture by ensuring all relevant findings are centralized for further analysis.

Postgres:

select
  name,
  product_arn,
  company_name
from
  aws_securityhub_product,
  jsonb_array_elements_text(integration_types) as i
where
  i = 'SEND_FINDINGS_TO_SECURITY_HUB';

SQLite:

select
  name,
  product_arn,
  company_name
from
  aws_securityhub_product,
  json_each(integration_types)
where
  value = 'SEND_FINDINGS_TO_SECURITY_HUB';
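
The reverse direction is also worth auditing: products that can receive or update your findings. The query below is an added example, not part of the original Steampipe documentation, written in Postgres syntax. The values RECEIVE_FINDINGS_FROM_SECURITY_HUB and UPDATE_FINDINGS_IN_SECURITY_HUB are AWS integration type values that do not appear elsewhere on this page.

```sql
-- Added example: products whose supported integration types let them
-- read findings out of Security Hub or modify findings inside it.
-- integration_types lists what a product supports, so treat the result
-- as a review list of candidates, not as proof of an active integration.
select
  p.company_name,
  p.name,
  p.product_arn,
  -- Collapse the matching integration types into one cell per product.
  string_agg(i, ', ' order by i) as read_or_write_integrations,
  p.marketplace_url
from
  aws_securityhub_product as p,
  jsonb_array_elements_text(p.integration_types) as i
where
  i in (
    'RECEIVE_FINDINGS_FROM_SECURITY_HUB',
    'UPDATE_FINDINGS_IN_SECURITY_HUB'
  )
group by
  p.company_name,
  p.name,
  p.product_arn,
  p.marketplace_url
order by
  p.company_name,
  p.name;
```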

Schema for aws_securityhub_product

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| activation_url | text | | The URL used to activate the product. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| categories | jsonb | | The categories assigned to the product. |
| company_name | text | | The name of the company that provides the product. |
| description | text | | A description of the product. |
| integration_types | jsonb | | The types of integration that the product supports. |
| marketplace_url | text | | The URL for the page that contains more information about the product. |
| name | text | | The name of the product. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| product_arn | text | = | The ARN assigned to the product. |
| product_subscription_resource_policy | jsonb | | The resource policy associated with the product. |
| region | text | | The AWS Region in which the resource is located. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| title | text | | Title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_securityhub_product