fbpx

How exactly to export AWS Security Hub findings to CSV format

 <a href="https://aws.amazon.com/security-hub/" target="_blank" rel="noopener noreferrer">     AWS Protection Hub     </a>      is really a main dashboard for security, danger management, and compliance results from      <a href="https://aws.amazon.com/audit-manager/" target="_blank" rel="noopener noreferrer">     AWS Audit Supervisor     </a>     ,      <a href="https://aws.amazon.com/firewall-manager/" target="_blank" rel="noopener noreferrer">     AWS Firewall Supervisor     </a>     ,      <a href="https://aws.amazon.com/guardduty/" target="_blank" rel="noopener noreferrer">     Amazon GuardDuty     </a>     ,      <a href="https://aws.amazon.com/iam/features/analyze-access/" target="_blank" rel="noopener noreferrer">     IAM Accessibility Analyzer     </a>     ,      <a href="https://aws.amazon.com/inspector" target="_blank" rel="noopener noreferrer">     Amazon Inspector     </a>     , and several various other AWS and third-party providers. You may use the insights from Safety Hub to obtain an understanding of one's compliance posture across several AWS accounts. It isn't unusual for an individual AWS account to possess greater than a thousand Protection Hub findings. Multi-accounts and multi-Region environments could have hundreds or thousands of findings. With so many results, it is important to get a overview of the most crucial types. Navigating through duplicate results, fake positives, and benign positives may take time.

 <pre>          <code>        &lt;p&gt;In this article, we demonstrate how exactly to export those results to comma divided values (CSV) formatted documents within an &lt;a href="http://aws.amazon.com/s3" target="_blank" rel="noopener noreferrer"&gt;Amazon Basic Storage Assistance (Amazon S3)&lt;/the&gt; bucket. It is possible to analyze those files with a spreadsheet, database apps, or other equipment. You may use the CSV formatted documents to change a couple of position and workflow ideals to align together with your organizational specifications, and update many or all findings at in Safety Hub once.&lt;/p&gt; 

<p>The answer described in this article, called CSV Supervisor for Security Hub, uses an <a href=”http://aws.amazon.com/lambda” focus on=”_blank” rel=”noopener noreferrer”>AWS Lambda</a> functionality to export results to a CSV item within an S3 bucket, and another Lambda functionality to update Protection Hub results by modifying selected ideals in the downloaded CSV document from an S3 bucket. An &lt can be used by you;a href=”https://docs.aws.amazon.com/eventbridge/most recent/userguide/eb-create-rule-schedule.html” focus on=”_blank” rel=”noopener noreferrer”>Amazon EventBridge scheduled guideline</a> to execute periodic exports (for instance, once a full week. CSV Manager for Safety Hub also offers an update function which allows you to revise the workflow, customer-specific notation, along with other customer-updatable values for most or all findings simultaneously. If you’ve setup an area aggregator in Protection Hub, you need to configure the principal CSV Manager for Safety Hub stack to export results just from the aggregator Area. However, you might configure other CSV Supervisor for Protection Hub stacks that export results from specific Areas or from all relevant Regions in particular accounts. This enables application and account proprietors to view their very own Security Hub results without having usage of other results for the business.</p>
<h2>How it works</h2>
<p>CSV Supervisor for Safety Hub has two primary features:</p>
<ul>
<li>Export Protection Hub findings to the CSV object within an S3 bucket</li>
<li>Upgrade Security Hub results from the CSV object within an S3 bucket</li>
</ul>
<h2>Summary of the export functionality</h2>
<p>The summary of the export function CsvExporter is shown in Figure 1.</p>
<div id=”attachment_26694″ course=”wp-caption aligncenter”>
<img aria-describedby=”caption-attachment-26694″ src=”https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3electronic253a90eee5098477c95c23d/2022/08/03/img1.jpg” alt=”Number 1: Architecture diagram of the export functionality” width=”781″ height=”381″ class=”size-full wp-image-26694″>
<p id=”caption-attachment-26694″ course=”wp-caption-text”>Figure 1: Architecture diagram of the export functionality</p>
</div>
<p>Physique 1 shows the next numbered ways:</p>
<ol>
<li>In the <a href=”https://aws.amazon.com/console/” focus on=”_blank” rel=”noopener noreferrer”>AWS Management System</the>, you invoke the <period>CsvExporter</period> Lambda functionality with a test occasion.</li>
<li>The Security is named by the export function Hub <a href=”https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html” focus on=”_blank” rel=”noopener noreferrer”>GetFindings</the> API activity and gets a listing of results to export from Safety Hub.</li>
<li>The export function converts the most crucial fields to recognize and sort findings to a 37-column CSV format (which include 12 updatable columns) and writes to an S3 bucket.</li>
</ol>
<h2>Summary of the update functionality</h2>
<p>To update existing Protection Hub results that you exported earlier, you may use the update functionality <period>CsvUpdater</period> to change the particular columns and rows of the CSV document you exported, as shown in Number 2. You can find 12 modifiable columns out of 37 (any modifications to some other columns are overlooked), which are defined in greater detail in <a href=”https://aws.amazon.com/blogs/security/how-to-export-aws-security-hub-findings-to-csv-format/#stage-3″>Step three 3: View or up-date findings inside the CSV document</a> in this post later.</p>
<p>Shape 2: Architecture diagram of the update functionality</p>
<div id=”attachment_26695″ course=”wp-caption aligncenter”>
<img aria-describedby=”caption-attachment-26695″ src=”https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3electronic253a90eee5098477c95c23d/2022/08/03/img2-1.png” alt=”Figure 2 displays the next numbered steps:” width=”781″ height=”361″ course=”size-full wp-picture-26695″>
<p id=”caption-attachment-26695″ course=”wp-caption-text”>Figure 2 exhibits the following numbered measures:</p>
</div>
<ol>
<li>You download the CSV file that the <period>CsvExporter</period> function generated from the S3 update and bucket like needed.</li>
<li>You upload the CSV file which has your updates to the S3 bucket.</li>
<li>In the <a href=”https://gaming console.aws.amazon.com/system/home” focus on=”_blank” rel=”noopener noreferrer”>AWS Management Gaming console</the>, you invoke the <period>CsvUpdater</period> Lambda functionality with a test occasion that contains the URI of the CSV document.</li>
<li><period>CsvUpdater</period> reads the up-to-date CSV document from the S3 bucket.</li>
<li><period>CsvUpdater</period> identifies the minimum amount set of improvements and invokes the Safety Hub <a href=”https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html” focus on=”_blank” rel=”noopener noreferrer”>BatchUpdateFindings</the> API motion.</li>
</ol>
<h2 id=”action-1″>Step one 1: Utilize the CloudFormation template to deploy the alternative</h2>
<p>It is possible to create and use CSV Supervisor for Security Hub through the use of either <a href=”https://aws.amazon.com/cloudformation/” focus on=”_blank” rel=”noopener noreferrer”>AWS CloudFormation</the> or the <a href=”https://aws.amazon.com/cdk/” focus on=”_blank” rel=”noopener noreferrer”>AWS Cloud Growth Package (AWS CDK)</the>.</p>
<p><strong>To deploy the answer (AWS CDK)</strong></p>
<p>You will find the most recent code in the <a href=”https://github.com/aws-samples/aws-security-hub-csv-manager/tree/major” target=”_blank” rel=”noopener noreferrer”>aws-security-hub-csv-supervisor</the> GitHub repository, where one can donate to the sample program code also. The next commands show how exactly to deploy the answer utilizing the AWS CDK. Initial, the AWS CDK initializes your uploads and environment the AWS Lambda assets to an S3 bucket. After that, you deploy the perfect solution is to your account utilizing the following instructions. Replace <period>&lt;Place_AWS_Accounts&gt;</period> together with your account amount, and replace <period>&lt;Put in_Area&gt;</period> with the AWS Region that the answer is desired by you deployed to, for example <period>us-east-1</period>.</p>
<p>cdk bootstrap aws://&lt;INSERT_AWS_Accounts&gt;/&lt;INSERT_Area&gt;<br>cdk deploy</p>
<p><strong>To deploy the perfect solution is (CloudFormation)</strong></p>
<ol>
<li>Pick the adhering to <strong>Start Stack</strong> button to open up the AWS CloudFormation gaming console pre-loaded with the template because of this remedy: <p><a href=”https://system.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/brand-new?stackName=securityhubcsvmanagerstack&templateURL=https://awsiammedia.s3.amazonaws.com/public/sample/1280-export-sh-findings-to-csv-format/csv_supervisor_sechub.yaml” rel=”noopener noreferrer” focus on=”_blank”><img src=”https://d2908q01vomqb2.cloudfront.internet/22d200f8670dbdb3e253a90eee5098477c95c23d/2019/06/05/launch-stack-key.png” alt=”Launch Stack” width=”190″ height=”36″ class=”aligncenter size-complete wp-picture-10149″></the></p> </li>
<li>In the <strong>Parameters</strong> area, as shown in Body 3, enter your ideals.
<div id=”attachment_26696″ course=”wp-caption aligncenter”>
<img aria-describedby=”caption-attachment-26696″ src=”https://www.infracom.com.sg/wp-content/uploads/2022/08/img3-1-1024×629-1.png” alt=”Shape 3: CloudFormation template variables” width=”700″ course=”size-large wp-picture-26696″>
<p id=”caption-attachment-26696″ course=”wp-caption-text”>Figure 3: CloudFormation template variables</p>
</div>
<ol>
<li>For <strong>What folder for CSV Manager for Security Hub Lambda program code</strong>, keep the default Program code. For <strong>What folder for CSV Manager for Security Hub exports</strong>, depart the default <span>Results</period>. <p>They are the folders within the S3 bucket that the CSV Supervisor for Protection Hub CloudFormation template creates to shop the Lambda code, along with where the results are exported by the Lambda functionality. </p> </li>
<li>For <strong>Regularity</strong>, because of this solution it is possible to leave the default worth <period>cron(0 8 ? * SUN *)</period>. Every Sunday at 8:00 AM nearby time utilizing an &lt this default leads to automatic exports that occurs;a href=”https://docs.aws.amazon.com/eventbridge/most recent/userguide/eb-create-rule-schedule.html” focus on=”_blank” rel=”noopener noreferrer”>EventBridge scheduled principle</a>. To learn more about how exactly to update this worth to meet your preferences, discover <a href=”https://docs.aws.amazon.com/AmazonCloudWatch/latest/activities/ScheduledEvents.html” focus on=”_blank” rel=”noopener noreferrer”>Plan Expressions for Guidelines</the> in the Amazon CloudWatch Activities User Guidebook.</li>
<li>The values you enter for the <strong>Areas</strong> field be determined by whether you possess configured an <a href=”https://docs.aws.amazon.com/securityhub/most recent/userguide/finding-aggregation-enable.html” focus on=”_blank” rel=”noopener noreferrer”>aggregation Area</the> in Safety Hub.
<ul>
<li>Should you have configured an aggregation Region, enter only that Region program code, for example <period>eu-north-1</period>, as shown within Amount 3.</li>
<li>In the event that you haven’t configured an aggregation Region, enter a comma-separated set of Regions where you have enabled Security Hub, for instance <period>us-east-1</period>, <period>eu-west-1</period>, <period>eu-west-2</period>.</li>
<li>If you want to export results from all Regions where Security Hub is enabled, keep the <strong>Areas</strong> industry blank. Regions where Protection Hub is not allowed will generate a note and you will be skipped. </li>
</ul> </li>
</ol> </li>
<li>Choose <strong>Next</strong>.</li>
</ol>
<p>The CloudFormation stack deploys the required resources, including an EventBridge scheduling rule, <a href=”https://aws.amazon.com/systems-supervisor/features/#Automation” target=”_blank” rel=”noopener noreferrer”>AWS System Supervisors Automation documents</the>, an S3 bucket, and Lambda features for exporting and updating Safety Hub results.</p>
<p><strong>Once you deploy the CloudFormation stack</strong></p>
<p>Following the CSV is established by you Manager for Security Hub stack, you can do the next:</p>
<ol>
<li>Perform the export perform to create some or all Protection Hub findings to the CSV document by following the guidelines in <a href=”https://aws.amazon.com/blogs/security/how-to-export-aws-security-hub-findings-to-csv-format/#phase-2″>Step two 2: Export Safety Hub findings to the CSV file</the> afterwards in this article.</li>
<li>Perform bulk update of Protection Hub results by following the directions in <a href=”https://aws.amazon.com/blogs/security/how-to-export-aws-security-hub-findings-to-csv-format/#stage-3″>Step three 3: View or upgrade findings inside the CSV document</a> later in this article. You can make adjustments to one or even more of the 12 updatable columns of the CSV document, and perform the revise function to up-date some or all Safety Hub results.</li>
</ol>
<h2 id=”action-2″>Step two 2: Export Protection Hub findings to the CSV document</h2>
<p>It is possible to export Security Hub results from the AWS Lambda gaming console. To do this, a test is established by you event and invoke the <period>CsvExporter</period> Lambda functionality. <period>CsvExporter</period> exports all Safety Hub results from all applicable Areas to an individual CSV document in the S3 bucket for CSV Supervisor for Protection Hub.</p>
<p><strong>To export Security Hub findings to a CSV document</strong></p>
<ol>
<li>In the <a href=”https://system.aws.amazon.com/lambda/” focus on=”_blank” rel=”noopener noreferrer”>AWS Lambda gaming console</a>, discover the <period>CsvExporter</period> Lambda functionality and choose it.</li>
<li>On the <strong>Program code</strong> tab, pick the down arrow at the proper of the <strong>Check</strong> switch, as shown in Physique 4, and choose <strong>Configure check event</strong>.
<div id=”attachment_26699″ course=”wp-caption aligncenter”>
<img aria-describedby=”caption-attachment-26699″ src=”https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3electronic253a90eee5098477c95c23d/2022/08/03/img4-1-1024×117.png” alt=”Body 4: The straight down arrow at the proper of the Test key” width=”700″ course=”size-large wp-picture-26699″>
<p id=”caption-attachment-26699″ course=”wp-caption-text”>Figure 4: The down arrow with the proper of the Test switch</p>
</div> </li>
<li>To generate a clear test event, about the <strong>Configure test occasion</strong> web page, do the next:
<ol>
<li>Choose <strong>Develop a new occasion</strong>.</li>
<li>Enter a meeting name; in this illustration we used <period>testEvent</period>.</li>
<li>For <strong>Template</strong>, keep the default <strong>hello-entire world</strong>.</li>
<li>For <strong>Occasion JSON</strong>, enter the JSON item as shown in Number 5.</li>
</ol>
<div id=”attachment_26700″ course=”wp-caption aligncenter”>
<img aria-describedby=”caption-attachment-26700″ src=”https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3electronic253a90eee5098477c95c23d/2022/08/03/img5-1-670×1024.png” alt=”Amount 5: Creating a clear test event” width=”670″ height=”1024″ course=”size-large wp-picture-26700″>
<p id=”caption-attachment-26700″ course=”wp-caption-text”>Figure 5: Creating a clear test occasion</p>
</div> </li>
<li>Choose <strong>Conserve </strong>to save lots of the empty test occasion.</li>
<li>To invoke the Lambda functionality, pick the <strong>Check</strong> key, as shown in Shape 6.
<div id=”attachment_26701″ course=”wp-caption aligncenter”>
<img aria-describedby=”caption-attachment-26701″ src=”https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3electronic253a90eee5098477c95c23d/2022/08/03/img6-1-1024×117.png” alt=”Determine 6: Test switch to invoke the Lambda perform” width=”700″ course=”size-large wp-picture-26701″>
<p id=”caption-attachment-26701″ course=”wp-caption-text”>Figure 6: Test key to invoke the Lambda functionality</p>
</div> </li>
<li>On the <strong>Execution Outcomes</strong> tab, note the next details, that you shall need for the next phase.
<div course=”hide-language”>
<pre><code class=”lang-text”>

“message”: “Export succeeded”,
“bucket”: DOC-EXAMPLE-BUCKET,
“exportKey”: DOC-EXAMPLE-OBJECT,
“resultCode”: 200

 <pre>          <code>         &lt;li&gt;Find the CSV object that fits the worthiness of &lt;period&gt;“exportKey”&lt;/period&gt; (in this instance, &lt;period&gt;DOC-EXAMPLE-OBJECT&lt;/period&gt;) in the S3 bucket that fits the worthiness of &lt;period&gt;“bucket”&lt;/period&gt; (in this illustration, &lt;period&gt;DOC-EXAMPLE-BUCKET&lt;/period&gt;).&lt;/li&gt; 

You can now view or upgrade the results in the CSV document, as described within the next section.</p>
<h2 id=”phase-3″>Step three 3: (Optional) Making use of filters to restriction CSV outcomes</h2>
<p>In your test event, it is possible to specify any filter that’s accepted by the <a href=”https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html” focus on=”_blank” rel=”noopener noreferrer”>GetFindings</the> API actions. You do this with the addition of a <period>filter</period> crucial to your test occasion. The <period>filter</period> key can support the word <period>HighActive</period> (that is a predefined filtration system configured as a default for selecting energetic high-severity and critical results, as shown in Body 8), or perhaps a JSON filter item.</p>
<p>Number 8 depicts a good example JSON filtration system that performs exactly the same filtering because the <period>HighActive</period> predefined filtration system.</p>
<p><strong>To utilize filter systems to limit CSV outcomes</strong></p>
<ol>
<li>In the <a href=”https://system.aws.amazon.com/lambda/” focus on=”_blank” rel=”noopener noreferrer”>AWS Lambda gaming console</a>, discover the <period>CsvExporter</period> Lambda functionality and choose it.</li>
<li>On the <strong>Program code</strong> tab, pick the down arrow at the proper of the <strong>Check</strong> switch, as shown in Amount 7, and choose <strong>Configure check event</strong>.
<div id=”attachment_26702″ course=”wp-caption aligncenter”>
<img aria-describedby=”caption-attachment-26702″ src=”https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3electronic253a90eee5098477c95c23d/2022/08/03/img7-1024×117.png” alt=”Figure 7: The lower arrow at the proper of the Test key” width=”700″ course=”size-large wp-picture-26702″ />
<p id=”caption-attachment-26702″ course=”wp-caption-text”>Figure 7: The down arrow on the proper of the Test switch</p>
</div> </li>
<li>To produce a check event containing a filter, in the <strong>Configure test occasion</strong> web page, do the next:
<ol>
<li>Choose <strong>Develop a new occasion</strong>.</li>
<li>Enter a meeting name; in this instance we used <period>filterEvent</period>.</li>
<li>For <strong>Template</strong>, choose <strong>testEvent</strong>,</li>
<li>For <strong>Occasion JSON</strong>, enter the next JSON item, as shown in Physique 8.
<div course=”hide-language”>
<pre><code class=”lang-text”>

“SeverityLabel”:[

     "Value":"CRITICAL",
     "Comparison":"EQUALS"
  ,

     "Value":"HIGH",
     "Comparison":"EQUALS"

],
“RecordState”:[

     "Comparison":"EQUALS",
     "Value":"ACTIVE"

]

Figure 8: Test button to invoke the Lambda function

Figure 8: Test key to invoke the Lambda functionality

  • Choose Conserve .
  • invoke the Lambda functionality

  • To, choose the Check switch as shown in Number 9.
    Figure 9: Test button to invoke the Lambda function

    Figure 9: Test key to invoke the Lambda functionality

  • On the Execution Outcomes tab, note the next information, which you will require for the next phase.

              
    "message": "Export succeeded", "bucket": DOC-EXAMPLE-BUCKET, "exportKey": DOC-EXAMPLE-OBJECT, "resultCode": 200

  • Locate the CSV object that fits the worthiness of “exportKey” (in this illustration, DOC-EXAMPLE-Item ) in the S3 bucket that fits the worthiness of “bucket” (in this instance, DOC-EXAMPLE-BUCKET ).
  • The outcomes in this CSV document ought to be a filtered group of Security Hub results according to the filtration system you specified above. Now you can proceed to step 4 in order to view or update results.

    Step 4: View or revise results in the CSV document

    You may use any scheduled program which allows you to look at or edit CSV data files, such as for example Microsoft Excel. The initial row in the CSV document are the column titles. These column names match areas in the JSON items that are came back by the GetFindings API activity.

    Warning: Usually do not modify the initial two columns, Id (column A) or ProductArn (column B). If you change these columns, Safety Hub shall not have the ability to locate the acquiring to update, and any changes compared to that finding will be discarded.

    It is possible to modify the columns in the CSV document locally, but just 12 columns out of 37 columns will in actuality be up-to-date if you are using CsvUpdater to update Protection Hub findings. Listed below are the 12 columns it is possible to update. These match columns C through N in the CSV file.

    Column title Spreadsheet column Explanation
    Criticality C An integer worth between 0 and 100.
    Self-confidence D An integer worth between 0 and 100.
    NoteText Electronic Any textual content you wish
    NoteUpdatedBy F Immediately updated together with your AWS principal consumer ID.
    CustomerOwner G Details identifying who owns this finding (for instance, email).
    CustomerIssue H A Jira concern or another identifier monitoring a particular issue.
    CustomerTicket I A ticket number or other difficulty/problem monitoring identification.
    ProductSeverity J A floating-point number from 0.0 to 99.9.
    NormalizedSeverity K An integer between 0 and 100.
    SeverityLabel L Among the following:

    • INFORMATIONAL
    • LOW
    • MEDIUM
    • HIGH
    • HIGH
    • CRITICAL
    VerificationState M Among the following:

    • UNKNOWN – Finding yet has not been verified.
    • TRUE_Beneficial – It is a legitimate finding and really should be dealt with as a danger.
    • FALSE_POSITIVE – This an incorrect finding and should be suppressed or ignored.
    • BENIGN_POSITIVE – It is a legitimate finding, however the risk isn’t has or relevant been accepted, transferred, or mitigated.
    Workflow N Among the following:

    • NEW – It is a fresh finding that is not reviewed.
    • NOTIFIED – The responsible parties or party have been notified of this finding.
    • RESOLVED – The finding has already been resolved.
    • SUPPRESSED – A fake or benign finding provides been suppressed in order that it will not appear as an ongoing finding in Safety Hub.

    These columns are stored in the UserDefinedFields industry of the updated results. The column brands imply a particular kind of information, nevertheless, you can put any given information you want.

    ** These columns are stored in the Severity industry of the updated results. These ideals have a set format and you will be rejected if they usually do not satisfy that format.

    Columns with fixed text ideals (L, M, N) in the last table could be specified in blended situation and without underscores-they will undoubtedly be changed into all uppercase and underscores additional in the CsvUpdater Lambda functionality. For instance, “false positive” will undoubtedly be changed into “FALSE_POSITIVE”.

    Step 5: Develop a test occasion and update Protection Hub utilizing the CSV file

    In order to update Security Hub results, make your modifications to columns C through N as explained in the last table. Once you make your adjustments in the CSV document, it is possible to update the results in Security Hub utilizing the CSV document and the CsvUpdater Lambda function.

    Utilize the following procedure to produce a test event and operate the CsvUpdater Lambda functionality.

    To produce a test event and operate the CsvUpdater Lambda functionality

    1. In the AWS Lambda console , discover the CsvUpdater Lambda functionality and choose it.
    2. On the Program code tab, pick the down arrow to the proper of the Test switch, as shown in Shape 10, and choose Configure check event .
      Figure 10: The down arrow to the right of the Test button

      Figure 10: The down arrow to the proper of the Test key

    3. create a test occasion as shown in Body 11

    4. To, on the Configure test occasion page, do the next:

      1. Choose Develop a new occasion .
      2. Enter a meeting name; in this illustration we testEvent used.
      3. For Template , depart the default hello-globe .
      4. For Occasion JSON , enter the next:

                  
        "insight": <s3ObjectUri> , "primaryRegion": <aggregationRegionName>

        Replace <s3ObjectUri> with the entire URI of the S3 object where in fact the updated CSV document is situated.

        Replace <aggregationRegionName> together with your Safety Hub aggregation Region, or the principal Region where you enabled Protection Hub.

        Figure 11: Create and save a test event for the CsvUpdater Lambda function

        Figure 11: Create and save a check occasion for the CsvUpdater Lambda functionality

    5. Choose Conserve .
    6. Pick the Test switch, as shown in Amount 12, to invoke the Lambda function.
      Figure 12: Test button to invoke the Lambda function

      Figure 12: Test key to invoke the Lambda functionality

    7. Compared to that the Lambda functionality ran successfully verify, on the Execution Outcomes tab, review the outcomes for “information” : “Achievement” , as proven in the next example. Note that the outcomes may long be a large number of lines.

                
      "message": "Success", "details": "processed": ["Id": arn:aws:securityhub:us-east-1: 111122223333:subscription/cis-aws-foundations-benchmark/v/1.2.0/1.7/finding/6d543b22-6a3d-405c-ae7f-224469bde7d2, "ProductArn": arn:aws:securityhub:us-east-1::product/aws/securityhub, … ], "unprocessed": [], "message": "Updated succeeded", "success": true , "input": s3://DOC-EXAMPLE-BUCKET/DOC-EXAMPLE-OBJECT, "resultCode": 200

      The prepared array lists every effectively updated selecting by Id and ProductArn .

      If the findings weren’t successfully updated, their ProductArn and Id come in the unprocessed array. In the last example, no findings had been unprocessed.

      The worthiness s3://DOC-EXAMPLE-BUCKET/DOC-EXAMPLE-Item may be the URI of the S3 object that your updates had been read.

    Clearing up

    avoid incurring future costs

    To, very first delete the CloudFormation stack that you deployed in Step one 1: Utilize the CloudFormation template to deploy the answer . Next, you should delete the S3 bucket deployed with the stack manually. For instructions, find Deleting a bucket in the Amazon Basic Storage Service User Tutorial.

    Conclusion

    In this article, we showed you ways to export Safety Hub results to a CSV document within an S3 bucket and up-date the exported findings through the use of CSV Manager for Protection Hub. You’re showed by us ways to automate this process through the use of AWS Lambda, Amazon S3, and AWS Techniques Manager. Total documentation for CSV Supervisor for Security Hub comes in the aws-security-hub-csv-supervisor GitHub repository. You can even investigate other methods to control Security Hub results by looking into our blogs about Safety Hub integration with Amazon OpenSearch Program , Amazon QuickSight , Slack , PagerDuty , Jira , or ServiceNow .

    In case you have feedback concerning this post, submit remarks in the Comments area below. For those who have questions concerning this post, take up a brand-new thread on the Protection Hub re:Write-up . For more information or get started, go to AWS Safety Hub .

    Want more AWS Protection news? Stick to us on Twitter .

     <pre>          <code>        &lt;!-- '"` --&gt; 
     </code>          </pre>     
    
    %d bloggers like this: