Security Hub Custom Provider
This project shows you how you can integrate with AWS Security Hub to provide your own custom findings. In this example, we periodically check the Troy Hunt's Have I Been Pwned API and report findings whenever a breach is added.
To deploy the Have I Been Pwned Custom Provider you require the following prerequisites:
You should first modify the
email_addresses variable in the src/index.py file to match the e-mail addresses you wish to monitor.
There is an included deploy.sh script that will create a new S3 bucket for the deployment artifacts, compile the SAM template and deploy to your account. You can modify this script if you have an existing bucket for your artifacts.
The Lambda will be executed every 24 hours (you can change this frequency in the CloudFormation template) which will call the Have I Been Pwned API for every e-mail address listed and if new breaches are discovered, it will add a finding in the AWS Security Hub console.