AWS Security Hub: Sending Findings to S3 for Athena

Question

I am trying to find a way to create Athena queries that handle information from AWS Security Hub, such as the 'Findings' displayed within it. Athena's input data comes from S3. Is there a way to specify a location in S3 that will receive the findings from AWS Security Hub, or is there already a location I should try looking into? Is there any other way to feed Security Hub information into Athena?

Answer

Hi,

In principle, you should move security hub logs to an s3 bucket of choice, and then use Athena to query from that bucket.

You can check these out:
* https://github.com/aws-samples/aws-security-hub-findings-export
* https://aws.amazon.com/blogs/security/export-historical-security-hub-findings-to-an-s3-bucket-to-enable-complex-analytics/

Hope it helps ;)

Answer

Hey there!

You can use the new service, Amazon Security Lake, which automatically sends security hub findings to an S3 bucket and sets up Athena for you.

For more details, see here: https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html

AWS Security Hub: Sending Findings to S3 for Athena

相关内容