-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature Request: Security Hub #6674
Comments
I'm planning to work on this. |
Reference: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableImportFindingsForProduct.html https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchEnableStandards.html |
@jsamuel1 @philsynek @tdmalone @brandonstevens: Any feedback on the design/examples above? I'm considering a few things:
|
Following in the same style as |
re: aws_securityhub_standard_subscription - @gazoakley, might be best to keep the plural from the aws API - ie. aws_securityhub_standards_subscription. I think the separate aws_securityhub_account is needed, so that we can turn securityhub on/off - otherwise there is no reliable way to roll back to a previous state. Would the other API's return an error if securityhub isn't on? For organization/multi-account usage, using the _member API, does this scenario negate the need to explicity enable in the child accounts? |
It really bugs me that they named standards with a plural (when you're enabling an individual standard) but not product (which seems more natural). I guess I should rename to be consistent with the API though.
They do return an error - I'm relying on that behaviour right now to detect if the
Doesn't look like it from testing through the console - you still need to send an invite and accept it in the other account even if both accounts are part of the same organization. |
The |
any plans for |
Any current plans for Thanks! |
Is there any chance of a Edit D'oh. This is already in progress as #10493 |
The new |
I'm pretty new to Terraform development and I'm interested in taking a look at the https://docs.aws.amazon.com/sdk-for-go/api/service/securityhub/#AwsSecurityFindingFilters |
Looking forward to the release of |
There is also |
Support for the |
Hello, any plans for an equivalent of https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_EnableOrganizationAdminAccount.html |
Any news on SH insight ? |
Hi @jasonhuling et al. 👋 Support for the |
Support for the |
Support for the |
This has been released in version 3.37.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Description
AWS has announced Security Hub: https://aws.amazon.com/security-hub/
New or Affected Resource(s)
aws_securityhub_account
aws_securityhub_action_target
aws_securityhub_member
aws_securityhub_product_subscription
aws_securityhub_standards_subscription
aws_securityhub_organization_admin_account
aws_securityhub_invite_accepter
aws_securityhub_insight
Potential Terraform Configuration
Product ARNs
Remember to replace
${var.region}
as appropriate (or define that variable)arn:aws:securityhub:${var.region}::product/aws/guardduty
arn:aws:securityhub:${var.region}::product/aws/inspector
arn:aws:securityhub:${var.region}::product/aws/macie
arn:aws:securityhub:${var.region}:733251395267:product/alertlogic/althreatmanagement
arn:aws:securityhub:${var.region}:679703615338:product/armordefense/armoranywhere
arn:aws:securityhub:${var.region}:151784055945:product/barracuda/cloudsecurityguardian
arn:aws:securityhub:${var.region}:758245563457:product/checkpoint/cloudguard-iaas
arn:aws:securityhub:${var.region}:634729597623:product/checkpoint/dome9-arc
arn:aws:securityhub:${var.region}:517716713836:product/crowdstrike/crowdstrike-falcon
arn:aws:securityhub:${var.region}:749430749651:product/cyberark/cyberark-pta
arn:aws:securityhub:${var.region}:250871914685:product/f5networks/f5-advanced-waf
arn:aws:securityhub:${var.region}:123073262904:product/fortinet/fortigate
arn:aws:securityhub:${var.region}:324264561773:product/guardicore/aws-infection-monkey
arn:aws:securityhub:${var.region}:324264561773:product/guardicore/guardicore
arn:aws:securityhub:${var.region}:949680696695:product/ibm/qradar-siem
arn:aws:securityhub:${var.region}:955745153808:product/imperva/imperva-attack-analytics
arn:aws:securityhub:${var.region}:297986523463:product/mcafee-skyhigh/mcafee-mvision-cloud-aws
arn:aws:securityhub:${var.region}:188619942792:product/paloaltonetworks/redlock
arn:aws:securityhub:${var.region}:122442690527:product/paloaltonetworks/vm-series
arn:aws:securityhub:${var.region}:805950163170:product/qualys/qualys-pc
arn:aws:securityhub:${var.region}:805950163170:product/qualys/qualys-vm
arn:aws:securityhub:${var.region}:336818582268:product/rapid7/insightvm
arn:aws:securityhub:${var.region}:062897671886:product/sophos/sophos-server-protection
arn:aws:securityhub:${var.region}:112543817624:product/splunk/splunk-enterprise
arn:aws:securityhub:${var.region}:112543817624:product/splunk/splunk-phantom
arn:aws:securityhub:${var.region}:956882708938:product/sumologicinc/sumologic-mda
arn:aws:securityhub:${var.region}:754237914691:product/symantec-corp/symantec-cwp
arn:aws:securityhub:${var.region}:422820575223:product/tenable/tenable-io
arn:aws:securityhub:${var.region}:679593333241:product/trend-micro/deep-security
arn:aws:securityhub:${var.region}:453761072151:product/turbot/turbot
arn:aws:securityhub:${var.region}:496947949261:product/twistlock/twistlock-enterprise
References
aws_securityhub_account
aws_securityhub_member
aws_securityhub_invite_accepter
aws_securityhub_insight
aws_securityhub_standards_subscription
aws_securityhub_product_subscription
The text was updated successfully, but these errors were encountered: