By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Security Hub: Sending Findings to S3 for Athena

0

I am trying to find a way to create Athena queries that handle information from AWS Security Hub, such as the 'Findings' displayed within it. Athena's input data comes from S3. Is there a way to specify a location in S3 that will receive the findings from AWS Security Hub, or is there already a location I should try looking into? Is there any other way to feed Security Hub information into Athena?

Topics
StorageAnalyticsSecurity, Identity, & ComplianceDatabaseAWS Well-Architected Framework
Tags
Amazon Simple Storage ServiceAmazon AthenaSecurity, Identity, & ComplianceDatabaseSecurity
Language
English
rePost-User-3083389
asked a year ago986 views
2 Answers
0

Hi,

In principle, you should move security hub logs to an s3 bucket of choice, and then use Athena to query from that bucket.

You can check these out:

Hope it helps ;)

profile picture
EXPERT
Antonio_Lagrotteria
answered a year ago
0

Hey there!

You can use the new service, Amazon Security Lake, which automatically sends security hub findings to an S3 bucket and sets up Athena for you.

For more details, see here: https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html

AWS
AWS-User-3160679
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content