Skip to content

unicrons/powerpipe-securityhub-importer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
cmd
cmd
 
 
docs
docs
 
 
pkg
pkg
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Powerpipe AWS SecurityHub Findings Importer

Import your Powerpipe AWS ASFF findings into AWS SecurityHub in all your AWS Accounts and Regions!

What is this?

powerpipe-securityhub-importer is tool that imports Powerpipe ASFF findings from different AWS Accounts and Regions into AWS SecurityHub.

We have created this tool to facilitate the integration between Powerpipe and AWS SecurityHub when working with different AWS Accounts and Regions.

You cannot import directly your findings to your centralized SecurityHub account. When working with multiple accounts or regions, it is required to import the findings into their account and region.

Features

  • Import Powerpipe ASFF findings into AWS SecurityHub for each AWS Account and Region.
  • Skip PASSED and NOT_AVAILABLE findings if desired.
  • It is fast! 🚀

Note

Are you using Steampipe in your AWS Organizations? Check steampipe-config-generator tool!

Requirements

  • An AWS IAM Role deployed in all your AWS accounts with:
    • A trust policy that allows sts:AssumeRole from a central role.
    • Permissions to import SecurityHub findings:
    {
  "Sid": "SecurityHubImport",
  "Effect": "Allow",
  "Action": [
    "securityhub:BatchImportFindings"
  ],
  "Resource": "*"
}
  • Valid AWS credentials with the needed permissions to assume the distributed IAM Role: 
    {
  "Sid": "AssumeSecurityImportRole",
  "Effect": "Allow",
  "Action": [
    "sts:AssumeRole"
  ],
  "Resource": "arn:aws:iam::*:role/role-name-with-path"
}

Tip

Check our post Deploy IAM Roles across an AWS Organization as code to know how to deploy the needed IAM role in all your AWS accounts!

How to use it

Usage of powerpipe-securityhub-importer:
  -failed
    	Skip Importing PASSED & NOT_AVAILABLE findings
  -findings string
    	SecurityHub asff json file path
  -log string
    	Log format: default, json (default "default")
  -role string
    	AWS assume role name
  -session string
    	AWS assume role session name (default "powerpipe-securityhub-importer")

Example:

./powerpipe_securityhub_importer -findings ./findings.asff.json -role role-name-with-path

To skip PASSED and NOT_AVAILABLE findings add -failed flag.

Contribute

Do you see any issue? Something to improve? A new feature? Open a Github Issue or submit a PR!
We welcome all contributors!

About

Import your Powerpipe findings into AWS SecurityHub

unicrons.cloud

Topics

go aws hacktoberfest powerpipe

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
Oct 18, 2024

Packages

No packages published

Contributors 2

  •  
  •  

Languages