unicrons/powerpipe-securityhub-importer

Powerpipe AWS SecurityHub Findings Importer

Import your Powerpipe AWS ASFF findings into AWS SecurityHub in all your AWS Accounts and Regions!

What is this?

powerpipe-securityhub-importer is a tool that imports Powerpipe ASFF findings from different AWS Accounts and Regions into AWS SecurityHub.

We have created this tool to facilitate the integration between Powerpipe and AWS SecurityHub when working with different AWS Accounts and Regions.

You cannot import your findings directly into your centralized SecurityHub account. When working with multiple accounts or regions, each finding must be imported into its own account and region.

Features

  • Import Powerpipe ASFF findings into AWS SecurityHub for each AWS Account and Region.
  • Skip PASSED and NOT_AVAILABLE findings if desired.
  • It is fast! 🚀

Note

Are you using Steampipe in your AWS Organizations? Check out the steampipe-config-generator tool!

Requirements

  • An AWS IAM Role deployed in all your AWS accounts with:
    • A trust policy that allows sts:AssumeRole from a central role.
    • Permissions to import SecurityHub findings:
    {
      "Sid": "SecurityHubImport",
      "Effect": "Allow",
      "Action": [
        "securityhub:BatchImportFindings"
      ],
      "Resource": "*"
    }
  • Valid AWS credentials with the needed permissions to assume the distributed IAM Role:
    {
      "Sid": "AssumeSecurityImportRole",
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole"
      ],
      "Resource": "arn:aws:iam::*:role/role-name-with-path"
    }

Tip

Check our post Deploy IAM Roles across an AWS Organization as code to learn how to deploy the needed IAM role in all your AWS accounts!

How to use it

Usage of powerpipe-securityhub-importer:
  -failed
    	Skip Importing PASSED & NOT_AVAILABLE findings
  -findings string
    	SecurityHub asff json file path
  -log string
    	Log format: default, json (default "default")
  -role string
    	AWS assume role name
  -session string
    	AWS assume role session name (default "powerpipe-securityhub-importer")

Example:

./powerpipe_securityhub_importer -findings ./findings.asff.json -role role-name-with-path

To skip PASSED and NOT_AVAILABLE findings, add the -failed flag.
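
The per-account, per-region routing described under "What is this?" and the -failed filter can be sketched as follows. This is an added example, not the project's own code: the names Finding, Target and Plan are hypothetical, and it assumes the findings file is a JSON array of ASFF findings whose ProductArn carries the region. Batches are capped at 100, the BatchImportFindings limit per call.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Finding holds only the ASFF fields needed to route a finding.
type Finding struct {
	ID                       string `json:"Id"`
	AwsAccountId, ProductArn string
	Compliance               struct{ Status string }
}
// Target is the account and region a batch must be imported into.
type Target struct{ Account, Region string }

// Plan groups findings per Target in batches; failedOnly mirrors the -failed flag.
func Plan(raw []byte, failedOnly bool) (map[Target][][]Finding, error) {
	var findings []Finding
	if err := json.Unmarshal(raw, &findings); err != nil {
		return nil, err
	}
	plan := map[Target][][]Finding{}
	for _, f := range findings {
		if s := f.Compliance.Status; failedOnly && (s == "PASSED" || s == "NOT_AVAILABLE") {
			continue
		}
		// Assumed layout: arn:aws:securityhub:<region>:<account>:product/...
		p := strings.Split(f.ProductArn, ":")
		if len(p) < 6 || p[3] == "" || f.AwsAccountId == "" {
			return nil, fmt.Errorf("finding %q: no account or region", f.ID)
		}
		t := Target{f.AwsAccountId, p[3]}
		b := plan[t]
		if len(b) == 0 || len(b[len(b)-1]) == 100 { // BatchImportFindings limit per call
			b = append(b, nil) // start a new batch
		}
		b[len(b)-1] = append(b[len(b)-1], f)
		plan[t] = b
	}
	return plan, nil
}

// sample is constructed input, not real findings.
const sample = `[{"Id":"a","AwsAccountId":"111111111111","ProductArn":"arn:aws:securityhub:eu-west-1:111111111111:product/111111111111/default","Compliance":{"Status":"FAILED"}},
 {"Id":"b","AwsAccountId":"222222222222","ProductArn":"arn:aws:securityhub:us-east-1:222222222222:product/222222222222/default","Compliance":{"Status":"PASSED"}}]`

func main() { fmt.Println(Plan([]byte(sample), true)) }
```

Each key of the returned map corresponds to one sts:AssumeRole call into that account, followed by one BatchImportFindings call per batch in that region.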

Contribute

Do you see an issue? Something to improve? A new feature? Open a GitHub Issue or submit a PR!
We welcome all contributors!