How to download Security Hub csv file containing 21+ records

Hi guys,

I'm trying to download a Security Hub csv file containing 21+ records. Are there any ways to realize that?

By default, the number of max records is 20. If I want to check 200 records for a certain vulnerability (e.g. s3.x), I have to do that 20 times! Bothering to me.

Thank you for your cooperation!

Karl

주제

보안, 신원 및 규정 준수

태그

AWS 보안 허브

언어

English

Karl_Tokyo

질문됨 4달 전222회 조회

2개 답변

최신
최다 투표
가장 많은 댓글

I would look to use AWS cli with pagination so that you can pull all results to a file.

https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securityhub/get-findings.html

전문가

Gary Mclean

답변함 4달 전

전문가

Riku_Kobayashi

검토됨 4달 전

Riku_Kobayashi 전문가

4달 전

Hello.
I think you can solve it by implementing the architecture described in the blog below or by writing a script using the AWS CLI. https://aws.amazon.com/jp/blogs/security/how-to-export-aws-security-hub-findings-to-csv-format/
Using the AWS CLI, you can use the following command to search for SecurityHub detection results whose first detection date is within 30 days and whose severity is CRITICAL or HIGH and ACTIVE, and to output them as CSV.

DATE=$(date --date="-30 days" +%Y-%m-%d);aws securityhub get-findings --filters '{"SeverityLabel":[{"Value": "CRITICAL","Comparison":"EQUALS"},{"Value":"HIGH","Comparison":"EQUALS"}],"RecordState": [{"Value": "ACTIVE","Comparison":"EQUALS"}]}' --query "Findings[?FirstObservedAt>=\`$DATE\`]" | jq -r '.[] | [.ProductName, .Region, .GeneratorId, .AwsAccountId, .Compliance.Status, .Severity.Label, .Resources[0].Region, .Resources[0].Id, .UpdatedAt, .Title, .Description] | @csv' > securityhub-findings.csv

Gary Mclean 전문가
4달 전
Thanks for the additional info Riku. Nice blog

Gary, Riku, Thank you for your comments! I will give it a try!

Karl_Tokyo

답변함 4달 전

How to download Security Hub csv file containing 21+ records

관련 콘텐츠