**Example 1: To return findings generated for a specific standard**

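The following ``get-findings`` example returns findings for the PCI DSS standard. The filter does not restrict ``RecordState``, so archived findings, such as the one in the sample output, are returned as well; add a ``RecordState`` filter with the value ``ACTIVE`` to limit the results to current findings. ::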

    aws securityhub get-findings \
        --filters '{"GeneratorId":[{"Value": "pci-dss","Comparison":"PREFIX"}]}' \
        --max-items 1

Output::

    {
        "Findings": [
            {
                "SchemaVersion": "2018-10-08",
                "Id": "arn:aws:securityhub:eu-central-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
                "ProductArn": "arn:aws:securityhub:us-west-1::product/aws/securityhub",
                "GeneratorId": "pci-dss/v/3.2.1/PCI.Lambda.2",
                "AwsAccountId": "123456789012",
                "Types": [
                    "Software and Configuration Checks/Industry and Regulatory Standards/PCI-DSS"
                ],
                "FindingProviderFields": {
                    "Severity": {
                        "Original": 0,
                        "Label": "INFORMATIONAL"
                    },
                    "Types": [
                        "Software and Configuration Checks/Industry and Regulatory Standards/PCI-DSS"
                    ]
                },
                "FirstObservedAt": "2020-06-02T14:02:49.159Z",
                "LastObservedAt": "2020-06-02T14:02:52.397Z",
                "CreatedAt": "2020-06-02T14:02:49.159Z",
                "UpdatedAt": "2020-06-02T14:02:52.397Z",
                "Severity": {
                    "Original": 0,
                    "Label": "INFORMATIONAL",
                    "Normalized": 0
                },
                "Title": "PCI.Lambda.2 Lambda functions should be in a VPC",
                "Description": "This AWS control checks whether a Lambda function is in a VPC.",
                "Remediation": {
                    "Recommendation": {
                        "Text": "For directions on how to fix this issue, please consult the AWS Security Hub PCI DSS documentation.",
                        "Url": "https://docs.aws.amazon.com/console/securityhub/PCI.Lambda.2/remediation"
                    }
                },
                "ProductFields": {
                    "StandardsArn": "arn:aws:securityhub:::standards/pci-dss/v/3.2.1",
                    "StandardsSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1",
                    "ControlId": "PCI.Lambda.2",
                    "RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/PCI.Lambda.2/remediation",
                    "RelatedAWSResources:0/name": "securityhub-lambda-inside-vpc-0e904a3b",
                    "RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
                    "StandardsControlArn": "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.Lambda.2",
                    "aws/securityhub/SeverityLabel": "INFORMATIONAL",
                    "aws/securityhub/ProductName": "Security Hub",
                    "aws/securityhub/CompanyName": "AWS",
                    "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/securityhub/arn:aws:securityhub:eu-central-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
                },
                "Resources": [
                    {
                        "Type": "AwsAccount",
                        "Id": "AWS::::Account:123456789012",
                        "Partition": "aws",
                        "Region": "us-west-1"
                    }
                ],
                "Compliance": {
                    "Status": "PASSED",
                    "RelatedRequirements": [
                        "PCI DSS 1.2.1",
                        "PCI DSS 1.3.1",
                        "PCI DSS 1.3.2",
                        "PCI DSS 1.3.4"
                    ]
                },
                "WorkflowState": "NEW",
                "Workflow": {
                    "Status": "NEW"
                },
                "RecordState": "ARCHIVED"
            }
        ],
        "NextToken": "eyJOZXh0VG9rZW4iOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiOiAxfQ=="
    }

**Example 2: To return critical-severity findings that have a workflow status of NOTIFIED**

The following ``get-findings`` example returns findings that have a severity label value of CRITICAL and a workflow status of NOTIFIED. The results are sorted in descending order by the value of Confidence. ::

    aws securityhub get-findings \
        --filters '{"SeverityLabel":[{"Value": "CRITICAL","Comparison":"EQUALS"}],"WorkflowStatus": [{"Value":"NOTIFIED","Comparison":"EQUALS"}]}' \
        --sort-criteria '{ "Field": "Confidence", "SortOrder": "desc"}' \
        --max-items 1

Output::

    {
        "Findings": [
            {
                "SchemaVersion": "2018-10-08",
                "Id": "arn:aws:securityhub:us-west-1:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0/1.13/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
                "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/securityhub",
                "GeneratorId": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.13",
                "AwsAccountId": "123456789012",
                "Types": [
                    "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
                ],
                "FindingProviderFields": {
                    "Severity": {
                        "Original": 90,
                        "Label": "CRITICAL"
                    },
                    "Types": [
                        "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
                    ]
                },
                "FirstObservedAt": "2020-05-21T20:16:34.752Z",
                "LastObservedAt": "2020-06-09T08:16:37.171Z",
                "CreatedAt": "2020-05-21T20:16:34.752Z",
                "UpdatedAt": "2020-06-09T08:16:36.430Z",
                "Severity": {
                    "Original": 90,
                    "Label": "CRITICAL",
                    "Normalized": 90
                },
                "Title": "1.13 Ensure MFA is enabled for the \"root\" account",
                "Description": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device.",
                "Remediation": {
                    "Recommendation": {
                        "Text": "For directions on how to fix this issue, please consult the AWS Security Hub CIS documentation.",
                        "Url": "https://docs.aws.amazon.com/console/securityhub/standards-cis-1.13/remediation"
                    }
                },
                "ProductFields": {
                    "StandardsGuideArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
                    "StandardsGuideSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0",
                    "RuleId": "1.13",
                    "RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/standards-cis-1.13/remediation",
                    "RelatedAWSResources:0/name": "securityhub-root-account-mfa-enabled-5pftha",
                    "RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
                    "StandardsControlArn": "arn:aws:securityhub:us-west-1:123456789012:control/cis-aws-foundations-benchmark/v/1.2.0/1.13",
                    "aws/securityhub/SeverityLabel": "CRITICAL",
                    "aws/securityhub/ProductName": "Security Hub",
                    "aws/securityhub/CompanyName": "AWS",
                    "aws/securityhub/FindingId": "arn:aws:securityhub:us-west-1::product/aws/securityhub/arn:aws:securityhub:us-west-1:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0/1.13/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
                },
                "Resources": [
                    {
                        "Type": "AwsAccount",
                        "Id": "AWS::::Account:123456789012",
                        "Partition": "aws",
                        "Region": "us-west-1"
                    }
                ],
                "Compliance": {
                    "Status": "FAILED"
                },
                "WorkflowState": "NEW",
                "Workflow": {
                    "Status": "NOTIFIED"
                },
                "RecordState": "ACTIVE"
            }
        ]
    }

For more information, see `Filtering and grouping findings <https://docs.aws.amazon.com/securityhub/latest/userguide/findings-filtering-grouping.html>`__ in the *AWS Security Hub User Guide*.
