This solution uses the AWS Security Hub API, AWS Lambda, Amazon S3, and Amazon SNS. Findings are aggregated into a CSV file to help identify common security issues that may require remediation.
Security Hub includes various security standards and integrations that you can enable to understand your overall security state. This solution produces a recurring full CSV report of Security Hub findings, delivered by email notification, giving recipients a proactive summary of the security posture of their AWS accounts and how it is improving over time.
This solution assumes that Security Hub is enabled in your AWS account. If it isn't enabled, set up the service first so that you get a comprehensive view of security findings across your AWS accounts.
- An EventBridge time-based event invokes a Lambda function for processing.
- The Lambda function retrieves findings from the Security Hub API and writes them into a CSV file.
- It uploads the CSV to Amazon S3 and generates a presigned URL for the object.
- SNS sends an email notification to the address provided during deployment.
- The email includes the presigned link to download the file.
- Finding id
- ProductArn
- ProductName
- CompanyName
- GeneratorId
- SecurityControlId
- CreatedAt
- UpdatedAt
- Confidence
- RemediationText
- RemediationUrl
- SourceUrl
- Compliance Status
- WorkflowStatus
- RecordState
- Processed_at
- Finding title
- Finding description
- Severity
- Region
- AccountId
- ResourceType
- ResourceId
- ResourceTags
Note: The report can be extended with additional fields as needed by modifying the Lambda function.
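As an added example (not the sample's own Lambda code, which ships inside the CloudFormation template), the Python below flattens Security Hub ASFF findings into the columns listed above and renders the CSV, and the handler at the end shows the GetFindings pagination, S3 upload, presigned URL and SNS steps from the architecture list. The filter, the environment variable names REPORT_BUCKET and SNS_TOPIC_ARN, the 24-hour link expiry and the two sample findings are assumptions constructed for this example, not values from the template. It also adds one check a practitioner wants in a report that is opened in Excel: titles, descriptions and resource tags are controlled by whoever created the resource or by the integrated product, so cells that start with a formula character are neutralised.

```python
import csv
import io
import json
import os
from datetime import datetime, timezone

# Column order follows the field list in this README.
COLUMNS = [
    "Id", "ProductArn", "ProductName", "CompanyName", "GeneratorId",
    "SecurityControlId", "CreatedAt", "UpdatedAt", "Confidence",
    "RemediationText", "RemediationUrl", "SourceUrl", "ComplianceStatus",
    "WorkflowStatus", "RecordState", "Processed_at", "Title", "Description",
    "Severity", "Region", "AccountId", "ResourceType", "ResourceId", "ResourceTags",
]

# Assumed GetFindings filter: active findings nobody has resolved or suppressed.
FINDINGS_FILTER = {
    "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
    "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"},
                       {"Value": "NOTIFIED", "Comparison": "EQUALS"}],
}


def neutralize(value):
    """Spreadsheets evaluate a cell starting with = + - @ (or tab/CR) as a
    formula, so prefix such cells with a quote (CSV injection defence)."""
    text = "" if value is None else str(value)
    return "'" + text if text and text[0] in "=+-@\t\r" else text


def flatten_finding(finding, processed_at):
    """Map one ASFF finding dict (the shape GetFindings returns) to a CSV row."""
    resource = (finding.get("Resources") or [{}])[0]
    recommendation = finding.get("Remediation", {}).get("Recommendation", {})
    compliance = finding.get("Compliance", {})
    row = {
        "Id": finding.get("Id"), "ProductArn": finding.get("ProductArn"),
        "ProductName": finding.get("ProductName"), "CompanyName": finding.get("CompanyName"),
        "GeneratorId": finding.get("GeneratorId"),
        "SecurityControlId": compliance.get("SecurityControlId"),
        "CreatedAt": finding.get("CreatedAt"), "UpdatedAt": finding.get("UpdatedAt"),
        "Confidence": finding.get("Confidence"),
        "RemediationText": recommendation.get("Text"), "RemediationUrl": recommendation.get("Url"),
        "SourceUrl": finding.get("SourceUrl"), "ComplianceStatus": compliance.get("Status"),
        "WorkflowStatus": finding.get("Workflow", {}).get("Status"),
        "RecordState": finding.get("RecordState"), "Processed_at": processed_at,
        "Title": finding.get("Title"), "Description": finding.get("Description"),
        "Severity": finding.get("Severity", {}).get("Label"), "Region": finding.get("Region"),
        "AccountId": finding.get("AwsAccountId"), "ResourceType": resource.get("Type"),
        "ResourceId": resource.get("Id"),
        "ResourceTags": json.dumps(resource.get("Tags", {}), sort_keys=True),
    }
    return {column: neutralize(row[column]) for column in COLUMNS}


def findings_to_csv(findings, processed_at):
    """Render findings as CSV text with a header row."""
    buffer = io.StringIO()
    writer = csv.DictWriter(buffer, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    for finding in findings:
        writer.writerow(flatten_finding(finding, processed_at))
    return buffer.getvalue()


def lambda_handler(event, context):
    """Assumed handler wiring; needs AWS credentials and the env vars below."""
    import boto3  # imported here so the pure functions above run offline

    paginator = boto3.client("securityhub").get_paginator("get_findings")
    findings = []
    for page in paginator.paginate(Filters=FINDINGS_FILTER, PaginationConfig={"PageSize": 100}):
        findings.extend(page["Findings"])
    processed_at = datetime.now(timezone.utc).isoformat()
    bucket, key = os.environ["REPORT_BUCKET"], f"findings-{processed_at[:10]}.csv"
    s3 = boto3.client("s3")
    s3.put_object(Bucket=bucket, Key=key, ServerSideEncryption="AES256",
                  Body=findings_to_csv(findings, processed_at).encode("utf-8"))
    url = s3.generate_presigned_url("get_object", ExpiresIn=24 * 3600,
                                    Params={"Bucket": bucket, "Key": key})
    boto3.client("sns").publish(TopicArn=os.environ["SNS_TOPIC_ARN"],
                                Subject="Security Hub findings report",
                                Message=f"{len(findings)} findings. Download: {url}")
    return {"findings": len(findings), "key": key}


# Constructed sample findings in ASFF shape (not real data).
SAMPLE_FINDINGS = [
    {"Id": "arn:aws:securityhub:us-east-1:111122223333:security-control/S3.8/finding/example-1",
     "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
     "ProductName": "Security Hub", "CompanyName": "AWS", "GeneratorId": "security-control/S3.8",
     "Title": "S3 general purpose buckets should block public access",
     "Description": "Checks whether an S3 bucket blocks public access.", "Confidence": 100,
     "Severity": {"Label": "HIGH"}, "CreatedAt": "2024-01-01T00:00:00.000Z",
     "UpdatedAt": "2024-01-02T00:00:00.000Z", "Workflow": {"Status": "NEW"},
     "Compliance": {"Status": "FAILED", "SecurityControlId": "S3.8"}, "RecordState": "ACTIVE",
     "Region": "us-east-1", "AwsAccountId": "111122223333",
     "Remediation": {"Recommendation": {"Text": "Enable Block Public Access.",
                                        "Url": "https://docs.example/s3.8"}},
     "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket",
                    "Tags": {"Owner": "platform"}}]},
    {"Id": "example-2", "ProductArn": "arn:aws:securityhub:us-east-1::product/example/scanner",
     "ProductName": "Scanner", "CompanyName": "Example", "GeneratorId": "scanner-rule-1",
     # A third-party title that Excel would evaluate as a formula if written raw.
     "Title": '=HYPERLINK("https://evil.example","Click to remediate")',
     "Description": "Constructed finding.", "Severity": {"Label": "MEDIUM"},
     "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"}, "Region": "us-east-1",
     "AwsAccountId": "111122223333",
     "Resources": [{"Type": "AwsEc2Instance", "Id": "i-0123456789abcdef0"}]},
]
```

Two caveats worth knowing when adapting this. The presigned URL is signed with the Lambda execution role's temporary credentials, so it stops working when those credentials expire even if `ExpiresIn` is longer; and the report carries account IDs, resource ARNs and tags, so the SNS subscription list and the bucket policy should be restricted to the people who need it. The leading quote added by `neutralize` is visible in the cell, which is the usual trade-off for a report that is opened in a spreadsheet.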
- Download the CloudFormation template security-hub-email-summary-cf-template.json
- On AWS account console, open the service CloudFormation.
- Click Create stack, With new resources. Select Template is ready, then Upload a template file.
- Using Choose file, select the template file you downloaded in step 1.
- Click Next. On the next page, enter a name for the stack.
- On the same page, enter values for the input parameters.
- Click Next.
- Accept the defaults on the pages that follow and click Next.
- Check I acknowledge that AWS CloudFormation might create IAM resources. Click Create Stack.
You can send a test email once the deployment is complete and you have confirmed the SNS subscription email. Navigate to the Lambda console and locate the function named SendSecurityHubFullReportEmail. Invoke it manually with any test event payload; the email should arrive shortly.
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.