
[FEATURE] support Security Hub consolidated control findings #166

Open
oshaughnessy opened this issue Aug 31, 2023 · 1 comment


oshaughnessy commented Aug 31, 2023

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Is your feature request related to a problem? Please describe

I would like to deploy consolidated control findings in Security Hub, but the role definition and Lambda in the SRA solution don't yet support it.

Describe the solution you'd like

I'd like the sra-securityhub-configuration role to include permissions for the batch security control APIs and the deployment Lambda to explicitly specify consolidation when enabling Security Hub, to make the behavior of Security Hub deployments use this feature. This is the new default behavior, but my account was using Security Hub before that was changed.

Please see https://github.com/oshaughnessy/aws-security-reference-architecture-examples/pull/1/files for example code.

Describe alternatives you've considered

The alternative would be to leave consolidated control findings off.

Additional context

See the AWS blog post, Prepare for consolidated controls view and consolidated control findings in AWS Security Hub

See the description of securityhub.client.enable_security_hub():

...
ControlFindingGenerator -

This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards.

If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.

The value for this field in a member account matches the value in the administrator account. For accounts that aren’t part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub on or after February 23, 2023.

My fork includes changes to the role definition and Lambda so that consolidated findings are used when deploying the Security Hub Organization solution.
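The ControlFindingGenerator behaviour quoted above, as an added example that is not code from the SRA project or from the issue author's fork: a function a deployment Lambda could call to make an account use consolidated control findings, covering both an account where Security Hub is not yet enabled and one enabled before the February 2023 default changed. It assumes the boto3 securityhub calls describe_hub(), enable_security_hub() and update_security_hub_configuration(), and that describe_hub() raises InvalidAccessException when the account is not subscribed; a constructed in-memory fake client stands in for boto3 so the logic runs offline.

```python
SECURITY_CONTROL = "SECURITY_CONTROL"  # consolidated: one finding per control check
STANDARD_CONTROL = "STANDARD_CONTROL"  # legacy: one finding per enabled standard


def ensure_consolidated_findings(client):
    """Return the action taken: "enabled", "updated" or "unchanged"."""
    try:
        hub = client.describe_hub()
    except client.exceptions.InvalidAccessException:
        # Assumption: describe_hub() raises InvalidAccessException when the
        # account is not subscribed. Enable Security Hub and request
        # consolidation explicitly instead of relying on the post-2023-02-23
        # default, which accounts enabled earlier do not get.
        client.enable_security_hub(
            EnableDefaultStandards=True,
            ControlFindingGenerator=SECURITY_CONTROL,
        )
        return "enabled"
    if hub.get("ControlFindingGenerator") == SECURITY_CONTROL:
        return "unchanged"
    # Already enabled but still emitting per-standard findings: switch in place.
    client.update_security_hub_configuration(ControlFindingGenerator=SECURITY_CONTROL)
    return "updated"


class FakeSecurityHub:
    """Constructed in-memory stand-in for the boto3 securityhub client."""

    class exceptions:  # mirrors client.exceptions on a real boto3 client
        class InvalidAccessException(Exception):
            pass

    def __init__(self, generator=None):
        self.generator = generator  # None means Security Hub is not enabled
        self.calls = []  # (api_name, kwargs) in call order

    def describe_hub(self):
        if self.generator is None:
            raise self.exceptions.InvalidAccessException("not subscribed")
        return {"ControlFindingGenerator": self.generator}

    def enable_security_hub(self, **kwargs):
        self.calls.append(("enable_security_hub", kwargs))
        self.generator = kwargs["ControlFindingGenerator"]

    def update_security_hub_configuration(self, **kwargs):
        self.calls.append(("update_security_hub_configuration", kwargs))
        self.generator = kwargs["ControlFindingGenerator"]
```

Against a real account, pass `boto3.client("securityhub")` in place of the fake; the caller's role still needs the securityhub permissions for the three calls.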

oshaughnessy (Author) commented

Hello, AWS team. I've submitted this per the contributing guidelines. Is there something else I can do to get the conversation going? Thank you.

Status: Planned for future quarters (Q4'24/Q1'25) / Not Started (Looking for contributors)