https://t.me/RX1948
Server : Apache
System : Linux iad1-shared-b8-43 6.6.49-grsec-jammy+ #10 SMP Thu Sep 12 23:23:08 UTC 2024 x86_64
User : dh_edsupp ( 6597262)
PHP Version : 8.2.26
Disable Function : NONE
Directory :  /lib/python3/dist-packages/awscli/examples/securityhub/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //lib/python3/dist-packages/awscli/examples/securityhub/get-findings.rst
**Example 1: To return findings generated for a specific standard**

The following ``get-findings`` example returns findings for the PCI DSS standard. ::

    aws securityhub get-findings \
        --filters '{"GeneratorId":[{"Value": "pci-dss","Comparison":"PREFIX"}]}' \
        --max-items 1

Output::

    {
        "Findings": [
            {
                "SchemaVersion": "2018-10-08",
                "Id": "arn:aws:securityhub:eu-central-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
                "ProductArn": "arn:aws:securityhub:us-west-1::product/aws/securityhub",
                "GeneratorId": "pci-dss/v/3.2.1/PCI.Lambda.2",
                "AwsAccountId": "123456789012",
                "Types": [
                    "Software and Configuration Checks/Industry and Regulatory Standards/PCI-DSS"
                ],
                "FindingProviderFields": {
                    "Severity": {
                        "Original": 0,
                        "Label": "INFORMATIONAL"
                    },
                    "Types": [
                        "Software and Configuration Checks/Industry and Regulatory Standards/PCI-DSS"
                    ]
                },
                "FirstObservedAt": "2020-06-02T14:02:49.159Z",
                "LastObservedAt": "2020-06-02T14:02:52.397Z",
                "CreatedAt": "2020-06-02T14:02:49.159Z",
                "UpdatedAt": "2020-06-02T14:02:52.397Z",
                "Severity": {
                    "Original": 0,
                    "Label": "INFORMATIONAL",
                    "Normalized": 0
                },
                "Title": "PCI.Lambda.2 Lambda functions should be in a VPC",
                "Description": "This AWS control checks whether a Lambda function is in a VPC.",
                "Remediation": {
                    "Recommendation": {
                        "Text": "For directions on how to fix this issue, please consult the AWS Security Hub PCI DSS documentation.",
                        "Url": "https://docs.aws.amazon.com/console/securityhub/PCI.Lambda.2/remediation"
                    }
                },
                "ProductFields": {
                    "StandardsArn": "arn:aws:securityhub:::standards/pci-dss/v/3.2.1",
                    "StandardsSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1",
                    "ControlId": "PCI.Lambda.2",
                    "RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/PCI.Lambda.2/remediation",
                    "RelatedAWSResources:0/name": "securityhub-lambda-inside-vpc-0e904a3b",
                    "RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
                    "StandardsControlArn": "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.Lambda.2",
                    "aws/securityhub/SeverityLabel": "INFORMATIONAL",
                    "aws/securityhub/ProductName": "Security Hub",
                    "aws/securityhub/CompanyName": "AWS",
                    "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/securityhub/arn:aws:securityhub:eu-central-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            },
                "Resources": [
                    {
                        "Type": "AwsAccount",
                        "Id": "AWS::::Account:123456789012",
                        "Partition": "aws",
                        "Region": "us-west-1"
                    }
                ],
                "Compliance": {
                    "Status": "PASSED",
                    "RelatedRequirements": [
                        "PCI DSS 1.2.1",
                        "PCI DSS 1.3.1",
                        "PCI DSS 1.3.2",
                        "PCI DSS 1.3.4"
                    ]
                },
                "WorkflowState": "NEW",
                "Workflow": {
                    "Status": "NEW"
                },
                "RecordState": "ARCHIVED"
            }
        ],
        "NextToken": "eyJOZXh0VG9rZW4iOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiOiAxfQ=="
    }

**Example 2: To return critical-severity findings that have a workflow status of NOTIFIED**

The following ``get-findings`` example returns findings that have a severity label value of CRITICAL and a workflow status of NOTIFIED. The results are sorted in descending order by the value of Confidence. ::

    aws securityhub get-findings \
        --filters '{"SeverityLabel":[{"Value": "CRITICAL","Comparison":"EQUALS"}],"WorkflowStatus": [{"Value":"NOTIFIED","Comparison":"EQUALS"}]}' \
        --sort-criteria '{ "Field": "Confidence", "SortOrder": "desc"}' \
        --max-items 1

Output::

    {
        "Findings": [
            {
                "SchemaVersion": "2018-10-08",
                "Id": "arn:aws:securityhub:us-west-1: 123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0/1.13/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
                "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/securityhub",
                "GeneratorId": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.13",
                "AwsAccountId": "123456789012",
                "Types": [
                    "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
                ],
                "FindingProviderFields" {
                    "Severity": {
                        "Original": 90,
                        "Label": "CRITICAL"
                    },
                    "Types": [
                        "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
                    ]
                },
                "FirstObservedAt": "2020-05-21T20:16:34.752Z",
                "LastObservedAt": "2020-06-09T08:16:37.171Z",
                "CreatedAt": "2020-05-21T20:16:34.752Z",
                "UpdatedAt": "2020-06-09T08:16:36.430Z",
                "Severity": {
                    "Original": 90,
                    "Label": "CRITICAL",
                    "Normalized": 90
                },
                "Title": "1.13 Ensure MFA is enabled for the \"root\" account",
                "Description": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device.",
                "Remediation": {
                    "Recommendation": {
                        "Text": "For directions on how to fix this issue, please consult the AWS Security Hub CIS documentation.",
                        "Url": "https://docs.aws.amazon.com/console/securityhub/standards-cis-1.13/remediation"
                    }
                },
                "ProductFields": {
                    "StandardsGuideArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
                    "StandardsGuideSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0",
                    "RuleId": "1.13",
                    "RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/standards-cis-1.13/remediation",
                    "RelatedAWSResources:0/name": "securityhub-root-account-mfa-enabled-5pftha",
                    "RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
                    "StandardsControlArn": "arn:aws:securityhub:us-west-1:123456789012:control/cis-aws-foundations-benchmark/v/1.2.0/1.13",
                    "aws/securityhub/SeverityLabel": "CRITICAL",
                    "aws/securityhub/ProductName": "Security Hub",
                    "aws/securityhub/CompanyName": "AWS",
                    "aws/securityhub/FindingId": "arn:aws:securityhub:us-west-1::product/aws/securityhub/arn:aws:securityhub:us-west-1:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0/1.13/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
                },
                "Resources": [
                    {
                        "Type": "AwsAccount",
                        "Id": "AWS::::Account:123456789012",
                        "Partition": "aws",
                        "Region": "us-west-1"
                    }
                ],
                "Compliance": {
                    "Status": "FAILED"
                },
                "WorkflowState": "NEW",
                "Workflow": {
                    "Status": "NOTIFIED"
                },
                "RecordState": "ACTIVE"
            }
        ]
    }

For more information, see `Filtering and grouping findings <https://docs.aws.amazon.com/securityhub/latest/userguide/findings-filtering-grouping.html>`__ in the *AWS Security Hub User Guide*.

https://t.me/RX1948 - 2025