steampipe plugin install aws

Table: aws_securityhub_standards_control - Query AWS Security Hub Standards Control using SQL

The AWS Security Hub Standards Control is a feature of AWS Security Hub that provides a comprehensive view of the security alerts and security posture across your AWS accounts. This includes continuous monitoring and automated compliance checks against standards such as CIS AWS Foundations Benchmark. It aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, as well as from AWS partner solutions.

Table Usage Guide

The aws_securityhub_standards_control table in Steampipe provides you with information about each security standard control available in your AWS account. This table allows you, as a DevOps engineer, security analyst, or other professional, to query control-specific details, including its status, related AWS resources, severity, and compliance status. You can utilize this table to gather insights on controls, such as controls that are currently non-compliant, controls that have a high severity level, and more. The schema outlines the various attributes of the standards control for you, including the control ID, control status, related AWS resources, severity, and compliance status.

Examples

Basic info

Gain insights into the status and severity rating of various controls in your AWS SecurityHub to ensure your security standards are met. This is crucial for maintaining a robust security posture and promptly addressing any potential vulnerabilities or non-compliance issues.

select
  control_id,
  control_status,
  severity_rating
from
  aws_securityhub_standards_control;

List disabled controls

List the controls that are disabled in AWS Security Hub. Security Hub does not check against disabled controls, so each one is a gap in coverage to assess and, where appropriate, correct.

select
  control_id,
  control_status,
  severity_rating
from
  aws_securityhub_standards_control
where
  control_status = 'DISABLED';

Count the number of controls by severity

Assess the distribution of security controls based on their severity in your AWS Security Hub. This can help prioritize actions depending on the severity of security controls.

select
  severity_rating,
  count(severity_rating)
from
  aws_securityhub_standards_control
group by
  severity_rating
order by
  severity_rating;

List controls with high severity

List the controls whose severity rating is HIGH. This is useful for prioritizing security measures and addressing the most critical vulnerabilities first.

select
  control_id,
  control_status,
  severity_rating
from
  aws_securityhub_standards_control
where
  severity_rating = 'HIGH';

List controls which were updated in the last 30 days

List the controls whose status was updated in the last 30 days. This is useful for keeping track of changes to your security posture and identifying any potential vulnerabilities that need to be addressed.

PostgreSQL:

select
  control_id,
  control_status,
  severity_rating
from
  aws_securityhub_standards_control
where
  control_status_updated_at >= (now() - interval '30' day);

SQLite:

select
  control_id,
  control_status,
  severity_rating
from
  aws_securityhub_standards_control
where
  control_status_updated_at >= datetime('now', '-30 day');
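
The filters shown so far can be combined into one triage query for disabled controls that matter most. This is an added example, not part of the Steampipe documentation; it uses PostgreSQL syntax and only columns listed in this table's schema, and the output column names status_changed_last_30d and the '(no reason recorded)' placeholder are choices made here.

```sql
-- Added example: disabled CRITICAL/HIGH controls, most severe and most
-- recently changed first, with the recorded reason for the status change.
select
  account_id,
  region,
  control_id,
  severity_rating,
  control_status_updated_at,
  -- Surface controls that were disabled without an explanation.
  coalesce(nullif(trim(disabled_reason), ''), '(no reason recorded)') as disabled_reason,
  -- True when the status last changed within the past 30 days.
  control_status_updated_at >= (now() - interval '30' day) as status_changed_last_30d,
  remediation_url
from
  aws_securityhub_standards_control
where
  control_status = 'DISABLED'
  and severity_rating in ('CRITICAL', 'HIGH')
order by
  case severity_rating when 'CRITICAL' then 0 else 1 end,
  control_status_updated_at desc;
```

Rows with no recorded reason, or with a recent status change, are the ones to review first.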

List CIS AWS foundations benchmark controls with critical severity

List the CIS AWS Foundations Benchmark controls that have critical severity. This is useful for prioritizing areas of concern in your security strategy.

select
  control_id,
  control_status,
  severity_rating
from
  aws_securityhub_standards_control
where
  severity_rating = 'CRITICAL'
  and arn like '%cis-aws-foundations-benchmark%';

List the related requirements for the S3 controls in AWS Security Hub. This helps you manage your security posture by showing which requirements each control maps to.

PostgreSQL:

select
  control_id,
  r as related_requirements
from
  aws_securityhub_standards_control,
  jsonb_array_elements_text(related_requirements) as r
where
  control_id like '%S3%'
group by
  control_id,
  r
order by
  control_id,
  r;

SQLite:

select
  control_id,
  json_extract(r.value, '$') as related_requirements
from
  aws_securityhub_standards_control,
  json_each(related_requirements) as r
where
  control_id like '%S3%'
group by
  control_id,
  json_extract(r.value, '$')
order by
  control_id,
  json_extract(r.value, '$');

List controls which require PCI DSS benchmark

List the controls whose related requirements reference the PCI DSS benchmark, a crucial step in ensuring your AWS services comply with these data security standards. This query identifies those specific controls, aiding in the process of regulatory compliance.

PostgreSQL:

select
  r as related_requirements,
  control_id
from
  aws_securityhub_standards_control,
  jsonb_array_elements_text(related_requirements) as r
where
  r like '%PCI%'
group by
  r,
  control_id
order by
  r,
  control_id;

SQLite:

select
  json_extract(r.value, '$') as related_requirements,
  control_id
from
  aws_securityhub_standards_control,
  json_each(related_requirements) as r
where
  json_extract(r.value, '$') like '%PCI%'
group by
  json_extract(r.value, '$'),
  control_id
order by
  json_extract(r.value, '$'),
  control_id;

Schema for aws_securityhub_standards_control

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | | The ARN of the security standard control. |
| control_id | text | | The identifier of the security standard control. |
| control_status | text | | The current status of the security standard control. Indicates whether the control is enabled or disabled. Security Hub does not check against disabled controls. |
| control_status_updated_at | timestamp with time zone | | The date and time that the status of the security standard control was most recently updated. |
| description | text | | The longer description of the security standard control. |
| disabled_reason | text | | The reason provided for the most recent change in status for the control. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| related_requirements | jsonb | | The list of requirements that are related to this control. |
| remediation_url | text | | A link to remediation information for the control in the Security Hub user documentation. |
| severity_rating | text | | The severity of findings generated from this security standard control. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| title | text | | Title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_securityhub_standards_control