Skip to content

AWS security hub findings#13

Draft
saurabh3460 wants to merge 50 commits intorunwhen-contrib:mainfrom
infracloudio:f/security-hub
Draft

AWS security hub findings#13
saurabh3460 wants to merge 50 commits intorunwhen-contrib:mainfrom
infracloudio:f/security-hub

Conversation

@saurabh3460
Copy link
Copy Markdown
Contributor

@saurabh3460 saurabh3460 commented Jan 16, 2025

No description provided.

saurabh3460 and others added 30 commits November 20, 2024 17:14
@saurabh3460
add codebundles/aws-c7n-ebs-health/sli.robot
63adb4f
@saurabh3460
add c7n ebs policies
7a205bd
@saurabh3460
add script to create test infra
9ee4894
@saurabh3460
added runbook.robot with List Unattached EBS Volumes task
b86124b
@saurabh3460
Merge branch 'runwhen-contrib:main' into main
e1bd6e0
@saurabh3460
added parse_ebs_results func in Core.py
774460f
@saurabh3460
change name of unused-ebs-snapshots policy
9d5dd28
@saurabh3460
change secret__aws_account_id -> secret__aws_access_key_id
3dd7314
@saurabh3460
updated create/delete snapshot script in .test
b9505d0
@saurabh3460
added List Unused EBS Snapshots and List Unencrypted EBS Volumes task…
aa77f67 
…s in runbook
@saurabh3460
add runwhen generation rule and template yaml
780854e
@saurabh3460
clean cc lib
3455556
@saurabh3460
replace ebs test script with terraform
ecc92ff
@saurabh3460
remove volume check and add encrypted false in ebs.tf
cfb684b
@saurabh3460
added taskfile in ebs health codebundle
e9f4513
@saurabh3460
add account_id in ebs gen rule qualifiers
6102c59
@saurabh3460
add check-rwp-config task in ebs cb test's taskfile
4c59821
@saurabh3460
update ebs cb test README
90b306b
@saurabh3460
add encrypted filed in ebs tf file
7f81bd3
@saurabh3460
add suite variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in eb…
9602af8 
…s health cb
@saurabh3460
add rw-cli-keywords dependency in requirements.txt
becadf9
@saurabh3460
fix sli locations filed in both ebs and s3 cb
37fd8b7
@saurabh3460
update Author in sli
5672dc9
@saurabh3460
fix Add Issue and change AWS_ACCOUNT_NAME -> AWS_ACCOUNT_ID
53c55bc
@saurabh3460
ebs Taskfile: add custom field and terraform/cb.secret
406e2fd
@saurabh3460
ebs sli: fix score logic
b0d6153
@saurabh3460
ebs runbook: update next steps string and task title
4580a3b
@saurabh3460
EBS CB: fix typo and update image url in templates
d7fce89
@saurabh3460
update intervalSeconds 300 -> 600
59c5463
@saurabh3460
EBS CB: update Metadata and thresholds defaults 1->0
d1caa2e
@saurabh3460 saurabh3460 force-pushed the f/security-hub branch 2 times, most recently from ee34095 to efcc70a Compare January 19, 2025 16:50
@saurabh3460 saurabh3460 changed the title security hub findings AWS security hub findings Jan 20, 2025
@saurabh3460 saurabh3460 marked this pull request as ready for review January 20, 2025 09:01
@saurabh3460
Copy link
Copy Markdown
Contributor Author

saurabh3460 commented Jan 20, 2025

This is ready for review @stewartshea

@stewartshea stewartshea self-assigned this Jan 22, 2025
@stewartshea
Copy link
Copy Markdown
Contributor

stewartshea commented Jan 23, 2025

I'm not quite sure on the implementation of this yet - first I think we need to figure out which regions have security hub enabled, and then which products are enabled, see the example simple script for this type of thing (not yet at all integrated for our codebundles).

#!/bin/bash

echo "Fetching AWS Security Hub status across regions..."
for region in $(aws ec2 describe-regions --query "Regions[].RegionName" --output text); do
  echo -e "\nChecking $region..."
  hub_status=$(aws securityhub describe-hub --region $region --query "HubArn" --output text 2>/dev/null)
  
  if [ -n "$hub_status" ]; then
    echo "✅ Security Hub is enabled in $region"
    echo "🔍 Enabled Products:"
    aws securityhub list-enabled-products-for-import --region $region --query "ProductSubscriptions" --output text 2>/dev/null
  else
    echo "❌ Security Hub is NOT enabled in $region"
  fi
done

I also think we need to address two other things:

  1. are we matching on the right resource (there is a cloudquery resource, but we have to fix/investigate the ARN issue - I will look into this)
  2. What other tasks should we add - this one is collecting findings, but what about cost control or improper configuration, we could also have a task that just lists the enabled products and regions, etc.

We can chat more live.

@stewartshea stewartshea marked this pull request as draft February 3, 2025 12:28
@stewartshea
Copy link
Copy Markdown
Contributor

stewartshea commented Feb 3, 2025

Converted to draft until it is ready for review again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stewartshea stewartshea stewartshea left review comments

Assignees

@stewartshea stewartshea

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@saurabh3460 @stewartshea