
Need Some Guidance for listing Security hub findings for "Compliance: Passed" Status

0

I am having an issue with having 1000s of findings in Security Hub which say "Compliance Status: Passed". Usually they close after some period of time, but we generate daily reports and need to list the positive findings from the CLI at least.

Wondering if anyone has any knowledge on this, please share. I am planning to list the findings in the CLI which say "Compliance Status: Passed" and close them from the CLI. I am having a hard time with the query in the CLI with Security Hub. If anyone can help, I would really appreciate it.

1 Answer
0
Accepted Answer

Hello RGADA, Thank you for reaching out on RePost!

To search based on 'ComplianceStatus = Passed' you may use the following CLI command:

    aws securityhub get-findings --filters '{"ComplianceStatus": [{"Comparison": "EQUALS", "Value": "PASSED"}]}'

Please note that findings that are >3 - 5 days old will be automatically archived; these findings are viewable using the following CLI command:

    aws securityhub get-findings --filters '{"RecordState": [{"Comparison": "EQUALS", "Value": "ARCHIVED"}]}'

Of course, you may also use both of these at the same time to show both archived AND 'ComplianceStatus = Passed' findings like this:

    aws securityhub get-findings --filters '{"ComplianceStatus": [{"Comparison": "EQUALS", "Value": "PASSED"}], "RecordState": [{"Comparison": "EQUALS", "Value": "ARCHIVED"}]}'

There are some further examples and guidance on using the CLI to return findings which can be found here: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securityhub/get-findings.html

I note that you also mention that you would like to be able to close the findings as well. This is also possible via the CLI using the batch-update-findings CLI command. The documentation linked below has an example for doing exactly this task. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securityhub/batch-update-findings.html

SUPPORT ENGINEER
answered 3 months ago
  • That worked, thank you a lot
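
One way to script the list-then-close workflow discussed in this thread, as an added example that is not part of the original posts or of the AWS documentation. It assumes AWS CLI v2 with credentials and a region configured, treats "close" as setting the workflow status to RESOLVED, and narrows the filter to ACTIVE findings that are not already RESOLVED; the note text and the `daily-report` name are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). "Close" is assumed to mean Workflow Status=RESOLVED.
# The RecordState/WorkflowStatus filters are this example's choice, so reruns skip done work.
FILTER='{"ComplianceStatus":[{"Comparison":"EQUALS","Value":"PASSED"}],
 "RecordState":[{"Comparison":"EQUALS","Value":"ACTIVE"}],
 "WorkflowStatus":[{"Comparison":"NOT_EQUALS","Value":"RESOLVED"}]}'
TAB=$(printf '\t')

# One "Id<TAB>ProductArn" line per finding; the CLI follows NextToken itself.
list_passed() {
  aws securityhub get-findings --filters "$FILTER" \
    --query 'Findings[].[Id,ProductArn]' --output text
}

# Send one batch: $1 is a comma-separated list of JSON identifier objects.
flush_batch() {
  aws securityhub batch-update-findings \
    --finding-identifiers "[$1]" \
    --workflow Status=RESOLVED \
    --note '{"Text":"PASSED finding closed by report job","UpdatedBy":"daily-report"}' \
    < /dev/null
}

# Read list_passed output on stdin; the API takes at most 100 identifiers per call.
# Assumes Ids and ARNs contain no double quotes or backslashes.
resolve_findings() {
  batch='' n=0
  while IFS="$TAB" read -r id arn; do
    [ -n "$id" ] && [ -n "$arn" ] || continue
    batch="${batch:+$batch,}{\"Id\":\"$id\",\"ProductArn\":\"$arn\"}"
    n=$((n + 1))
    if [ "$n" -eq 100 ]; then flush_batch "$batch" || return 1; batch='' n=0; fi
  done
  [ "$n" -eq 0 ] || flush_batch "$batch"
}

case "${1:-}" in
  report) list_passed ;;                      # print the list for the daily report
  close)  list_passed | resolve_findings ;;   # resolve everything the list returns
esac
```

Run the script with `report` first and review the output before running it with `close`, since the update applies to every finding the filter matches.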
