AWS Security Hub
File Types
This DefectDojo parser accepts JSON files from AWS Security Hub. The JSON reports can be created from the AWS Security Hub CLI using the following command: aws securityhub get-findings
.
AWS Security Hub integrates with multiple AWS Tools. Thus, you can retrieve findings from various AWS sources through AWS Security Hub. This parser is able to handle the following findings retrieved over AWS Security Hub:
- AWS Security Hub Compliance Checks
- AWS Security Hub GuardDuty
- AWS Security Hub Inspector
Example Commands to retrieve JSON output
- AWS Security Hub Compliance Checks:
aws securityhub get-findings --filters ComplianceStatus="[{Comparison=EQUALS,Value=FAILED}]" | jq "." > output.json
- AWS Security Hub GuardDuty:
aws securityhub get-findings --filters ProductName="[{Value=GuardDuty,Comparison=EQUALS}]" | jq "." > output.json
- AWS Security Hub Inspector:
aws securityhub get-findings --filters ProductName="[{Value=Inspector,Comparison=EQUALS}]" | jq "." > output.json
Sample Scan Data
Sample scan data for testing purposes can be found here.
Last modified November 18, 2024: Merge pull request #11287 from DefectDojo/master-into-dev/2.40.2-2.41.0-dev (3b0fd30)