Import your Powerpipe results into AWS SecurityHub
Continuing with what we saw in Automate your Steampipe AWS configuration with AWS Organizations, we have developed powerpipe-securityhub-importer to import the results of your controls into AWS SecurityHub.
Powerpipe allows us to run benchmarks that, through Steampipe, provide us with the results of our controls.
Powerpipe allows you to export the results of your benchmarks or controls in ASFF format. If we run these controls on an AWS organization, we will get the results from all accounts and regions in a single file.
However, we cannot import them directly into our centralized SecurityHub. We need to import each finding into the account and region where the scanned resource is located.
To facilitate this process and add some extra features, we have published powerpipe-securityhub-importer.
Requirements
To use it, you will need:
- An IAM Role created in all the accounts of your organization with:
  - A Trust Policy that allows sts:AssumeRole from a centralized Role.
  - A policy with permissions to import findings into SecurityHub:
- AWS credentials that allow you to assume the Role required in point 1.
Tip
For more details on how to do this, you can check out our post Deploy IAM Roles across an AWS Organization as code.
Features
- Imports Powerpipe results in ASFF into AWS SecurityHub by AWS account and region.
- Allows ignoring findings whose state is PASSED or NOT_AVAILABLE.
- It's fast! 🚀
How does it work?
- Parses the file with findings in ASFF.
- Groups findings by account and region.
- Assumes the Role for each account.
- Imports findings into AWS SecurityHub for each account and region.
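The four steps above, sketched as an added Python example; this is not the importer's own code. It assumes the finding state is the ASFF Compliance.Status field, that the resource region is in Resources[0].Region, and that the export is a JSON list or an object with a "Findings" list. The function names and the role_name parameter are hypothetical.

```python
import json
from collections import defaultdict

SKIPPED = {"PASSED", "NOT_AVAILABLE"}  # states dropped when failed_only is set
BATCH = 100  # BatchImportFindings accepts at most 100 findings per call

def group_findings(asff_text, failed_only=False):
    """Return {(account_id, region): [batch, ...]} from an ASFF JSON export."""
    doc = json.loads(asff_text)
    # Assumption: the export is a JSON list, or an object with a "Findings" list.
    findings = doc if isinstance(doc, list) else doc.get("Findings", [])
    groups = defaultdict(list)
    for f in findings:
        # Assumption: "state" on the page maps to ASFF Compliance.Status.
        if failed_only and f.get("Compliance", {}).get("Status") in SKIPPED:
            continue
        # Assumption: the resource's region is in Resources[0].Region.
        region = (f.get("Resources") or [{}])[0].get("Region") or f.get("Region")
        account = f.get("AwsAccountId")
        if not account or not region:
            raise ValueError(f"finding {f.get('Id')!r} has no account or region")
        groups[(account, region)].append(f)
    return {k: [v[i:i + BATCH] for i in range(0, len(v), BATCH)]
            for k, v in groups.items()}

def import_group(account, region, batches, role_name):
    """Assume role_name (hypothetical name) in the account and import its batches."""
    import boto3  # imported here so the grouping logic runs without AWS access
    creds = boto3.client("sts").assume_role(
        RoleArn=f"arn:aws:iam::{account}:role/{role_name}",
        RoleSessionName="asff-import")["Credentials"]
    hub = boto3.client(
        "securityhub", region_name=region,
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"])
    # The API reports per-finding rejections in the response, so count them.
    return sum(hub.batch_import_findings(Findings=b)["FailedCount"] for b in batches)

def sample_export():
    """Constructed sample: two accounts, two regions, mixed states."""
    rows = [("111111111111", "eu-west-1", "FAILED"),
            ("111111111111", "eu-west-1", "PASSED"),
            ("222222222222", "us-east-1", "NOT_AVAILABLE"),
            ("222222222222", "us-east-1", "FAILED")]
    return json.dumps([{"Id": f"sample-{i}", "AwsAccountId": a,
                        "Compliance": {"Status": s},
                        "Resources": [{"Region": r}]}
                       for i, (a, r, s) in enumerate(rows)])
```

A non-zero return from import_group means Security Hub rejected some findings even though the call itself succeeded, so treat it as an error rather than a completed import.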
How to use it?
To ignore findings whose state is PASSED or NOT_AVAILABLE, add the flag -failed.
Important
Check out the powerpipe-securityhub-importer repository for all available options. There, you'll always have the most up-to-date information.
And that's all folks! If you have any questions or comments, feel free to reach out to us.
Saludos, and may the force be with you.