path: root/sections/securityhub.py
# securityhub.py
import boto3
import datetime
from tabulate import tabulate


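def get_section(config):
    """Build the plain-text "AWS Security Hub Findings (Last 24h)" report section.

    Queries Security Hub through boto3 for findings that are ACTIVE, still in
    workflow status NEW, and whose CreatedAt falls within the last day, then
    renders them as a table.

    Args:
        config: Mapping with an ``"aws"`` sub-mapping. ``config["aws"]["region"]``
            is required; ``config["aws"]["profile"]`` is optional and, when
            absent or empty, boto3's default credential resolution is used.

    Returns:
        A newline-joined string: a header line, then either a "no new
        findings" line or a console link followed by the findings table.

    Raises:
        KeyError: if ``config["aws"]`` or its ``"region"`` entry is missing.
        Errors raised by boto3 while creating the session or paging through
        results are not caught here and propagate to the caller.
    """
    aws_config = config["aws"]
    profile = aws_config.get("profile")
    region = aws_config["region"]

    session = boto3.Session(
        profile_name=profile if profile else None, region_name=region
    )
    client = session.client("securityhub")

    # The filter matches on CreatedAt only, so a finding that was created
    # earlier and changed within the window is not reported. Anything already
    # moved out of workflow status NEW is excluded as well.
    pages = client.get_paginator("get_findings").paginate(
        Filters={
            "CreatedAt": [{"DateRange": {"Value": 1, "Unit": "DAYS"}}],
            "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
            "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"}],
        },
    )

    rows = []
    for page in pages:
        for finding in page.get("Findings", []):
            # `or` fallbacks cover keys that are present but None/empty, which
            # a plain .get() default does not.
            title = finding.get("Title") or "No title"
            severity = (finding.get("Severity") or {}).get("Label") or "UNKNOWN"
            product = finding.get("ProductName") or "Unknown Product"
            # An empty "Resources" list used to raise IndexError on [0].
            # Only the first resource of a finding is shown.
            resources = finding.get("Resources") or [{}]
            resource = resources[0].get("Id") or "Unknown Resource"
            # NOTE(review): resource ids are cut to 30 characters; if they are
            # ARNs the distinguishing suffix may be lost - confirm this width
            # is enough for triage.
            rows.append([severity, title[:50], product, resource[:30]])

    if not rows:
        lines = [
            "AWS Security Hub Findings (Last 24h)",
            "No new findings in the past 24 hours.",
        ]
    else:
        table = tabulate(
            rows,
            headers=["Severity", "Title", "Product", "Resource"],
            tablefmt="simple_grid",
            colalign=("center", "left", "left", "left"),
        )
        lines = [
            f"AWS Security Hub Findings (Last 24h): {len(rows)} new finding(s)",
            # The query-string region was hard-coded to eu-west-1 while the
            # host used the configured region; both now follow the config so
            # the link opens the region that was actually queried.
            f"[https://{region}.console.aws.amazon.com/securityhub/home?region={region}#/findings]",
            table,
        ]

    return "\n".join(lines)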