authorChristian Cleberg <hello@cleberg.net>2025-06-20 13:55:54 -0500
committerChristian Cleberg <hello@cleberg.net>2025-06-20 13:55:54 -0500
commit785f42901f34aaf356f316c691e3f56138c8608d (patch)
tree5b8f7a6e33a6af410e511137fdd51b6fa60d0f83 /sections/securityhub.py
initial commit
Diffstat (limited to 'sections/securityhub.py')
-rw-r--r--sections/securityhub.py56
1 files changed, 56 insertions, 0 deletions
diff --git a/sections/securityhub.py b/sections/securityhub.py
new file mode 100644
index 0000000..0ccb5fe
--- /dev/null
+++ b/sections/securityhub.py
@@ -0,0 +1,56 @@
+# securityhub.py
+import boto3
+import datetime
+from tabulate import tabulate
+
+
+def get_section(config):
+ profile = config["aws"].get("profile")
+ region = config["aws"]["region"]
+
+ session = boto3.Session(
+ profile_name=profile if profile else None, region_name=region
+ )
+ client = session.client("securityhub")
+
+ findings = []
+ paginator = client.get_paginator("get_findings")
+
+ response_iterator = paginator.paginate(
+ Filters={
+ "CreatedAt": [{"DateRange": {"Value": 1, "Unit": "DAYS"}}],
+ "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
+ "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"}],
+ },
+ )
+
+ for page in response_iterator:
+ findings.extend(page.get("Findings", []))
+
+ rows = []
+ for finding in findings:
+ title = finding.get("Title", "No title")
+ severity = finding.get("Severity", {}).get("Label", "UNKNOWN")
+ product = finding.get("ProductName", "Unknown Product")
+ resource = finding.get("Resources", [{}])[0].get("Id", "Unknown Resource")
+ rows.append([severity, title[:50], product, resource[:30]])
+
+ if not rows:
+ lines = [
+ "AWS Security Hub Findings (Last 24h)",
+ "No new findings in the past 24 hours.",
+ ]
+ else:
+ table = tabulate(
+ rows,
+ headers=["Severity", "Title", "Product", "Resource"],
+ tablefmt="simple_grid",
+ colalign=("center", "left", "left", "left"),
+ )
+ lines = [
+ f"AWS Security Hub Findings (Last 24h): {len(rows)} new finding(s)",
+ f"[https://{config['aws'].get('region')}.console.aws.amazon.com/securityhub/home?region=eu-west-1#/findings]",
+ table,
+ ]
+
+ return "\n".join(lines)
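Review bot: The console link near the end of get_section takes its host from the configured region but hard-codes `region=eu-west-1` in the query string, so for any other region the report links to a different region's findings than the ones it tabulates. Use the `region` variable already read at the top for both parts: `f"[https://{region}.console.aws.amazon.com/securityhub/home?region={region}#/findings]",`. Separately, `resource[:30]` cuts an ARN-style resource Id off inside its service/region/account prefix, so the Resource column will often not identify the affected resource; keeping the tail (`resource[-30:]`) or the full Id would serve a responder better. Rows are also emitted in API order with no sort on severity, so a CRITICAL finding can end up buried in a long table. Finally, `finding.get("Resources", [{}])[0]` raises IndexError if a finding ever carries an empty Resources list, which would abort the whole section.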