Releases: gabrielsoltz/metahub

1.3.0: Multiple input files, AWS profiles and more!

10 Jul 23:07
c369b09

This new release improves usability and code quality, fixes bugs, and introduces a lot of new features:

  • You can now combine multiple ASFF files as inputs and process them all together, for example files from different scanner sources, on their own or in addition to AWS Security Hub.
  • HTML reports have been improved to allow filtering by MetaChecks.
  • New drilled MetaChecks for AwsEc2Volume have been added.
  • You can now use --sh-profile to connect to Security Hub using an AWS profile (previously this was only possible using your environment or by assuming roles with --sh-assume-role).
  • MetaAccount checks are now optional using --meta-account.
  • You can interrupt the execution of MetaHub before it finishes and obtain partial results.
  • The --outputs option is deprecated. You can now use --output-modes to manage all output modes, including different types of JSON. All output modes are enabled by default to allow analyzing the results in different ways.
  • When using the --list-findings option, you can now select the type of listing, such as short, full, inventory, or statistics.
  • Some rich statistics have been added to the CLI!

Happy hunting!

1.2.0: Drilled MetaChecks, MetaAccount and more!

15 May 16:00
1ba4aa3
  • Drilled MetaChecks: When contextualizing your Security Findings with MetaHub, the tool now drills down into all associated resources, like Security Groups, IAM Roles, IAM Policies, AutoScaling Groups, etc. For each associated resource, MetaHub will execute all MetaChecks available for that resource type. This way, if you are analyzing a finding for an EC2 instance, you don't stop there; you can also analyze the Security Group, IAM Role, IAM Policies, etc. associated with that EC2 instance.

  • Impact MetaChecks: The MetaChecks is_public, is_encrypted, is_unrestricted, and is_attached are now defined for all resource types, giving a standardized way to define the impact of a finding no matter the resource type.

  • MetaHub now adds a new MetaAccount section for your security findings, with information about the account where the finding was generated, for example, the security contact email; this information could be useful for defining the ownership of a finding. You can now define ownership based on these fields, or MetaTags or MetaTrails.

  • New Resource Type MetaChecks: AwsAutoScalingAutoScalingGroup, AwsEksCluster, AwsIamRole, AwsRdsDbInstance, and AwsRdsDbCluster

  • New MetaTrails events added

1.1.0: Security Groups and Policies Checkers!

22 Mar 18:57
8e37c2f

This new release introduces two new modules for checking Security Groups and Policies.

When investigating an affected resource associated with a Security Group (like an EC2 Instance, a Lambda Function, an RDS, etc.), you can now also get, as part of it, the configuration and MetaChecks of the associated Security Groups, such as unrestricted rules. A public EC2 instance, or an EC2 instance without IMDSv2, is not the same finding when it is associated with a Security Group with unrestricted rules as when it is not.
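The contextualization described above, as an added sketch that is not MetaHub's own code: the same finding is ranked differently depending on whether an attached Security Group has an ingress rule open to every address. The group bodies follow the shape of the EC2 DescribeSecurityGroups response; the sample IDs and the `open_rules` and `has_unrestricted_sg` fields are assumptions made for this example.

```python
import ipaddress

# Constructed sample data (not from the release notes). Group bodies follow
# the shape of the EC2 DescribeSecurityGroups response.
GROUPS = {
    "sg-0aaa": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    "sg-0bbb": {"IpPermissions": [  # "-1" = all protocols, no port keys
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    "sg-0ccc": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
}
TITLE = "EC2 instance without IMDSv2"
FINDINGS = [  # same finding title, different Security Group context
    {"resource": "i-internal", "title": TITLE,
     "security_groups": ["sg-0bbb"]},
    {"resource": "i-ssh-open", "title": TITLE,
     "security_groups": ["sg-0bbb", "sg-0aaa"]},
    {"resource": "i-web-v6", "title": TITLE,
     "security_groups": ["sg-0ccc"]},
]

def unrestricted_rules(group):
    """Ingress rules open to every address (IPv4 or IPv6 prefix length 0)."""
    hits = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                hits.append((perm["IpProtocol"], perm.get("FromPort"),
                             perm.get("ToPort"), cidr))
    return hits

def contextualize(findings, groups):
    """Attach open rules to each finding; flagged resources sort first."""
    enriched = []
    for f in findings:
        rules = {sg: unrestricted_rules(groups[sg])
                 for sg in f["security_groups"]}
        rules = {sg: r for sg, r in rules.items() if r}  # keep only hits
        enriched.append({**f, "open_rules": rules,
                         "has_unrestricted_sg": bool(rules)})
    # sorted() is stable, so input order is kept within each bucket.
    return sorted(enriched, key=lambda f: not f["has_unrestricted_sg"])

if __name__ == "__main__":
    for f in contextualize(FINDINGS, GROUPS):
        print(f["resource"], f["has_unrestricted_sg"], f["open_rules"])
```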

When investigating an affected resource associated with a policy (like an SQS, SNS, ElastiCache, Elasticsearch, etc.), you can now also get, as part of it, the configuration and MetaChecks of the associated policies, such as whether the policy is unrestricted, cross-account, and more. A public Elasticsearch cluster is not the same finding when it is associated with a policy with unrestricted statements as when it is not.

Bug fixes and more than 50 new MetaChecks!

First Released Version! (v1.0.0)

26 Feb 18:00
64cee8e
  • ASFF ingestion from AWS Security Hub or directly from ASFF output files (and combined! You can combine findings from scanners not connected with AWS Security Hub, leveraging the ASFF format!)
  • MetaChecks: More than 50 MetaChecks!
  • MetaTags: Using AWS Resource Groups Tagging API, which supports hundreds of resources (get all Tags for almost any affected resource)
  • MetaTrails: Querying CloudTrail events for the affected resource! (find out who created the affected resources and when)
  • Serverless/Lambda ready! MetaHub can run directly on a Lambda function. Just upload the code and run. You can get the output by invoking the Lambda manually or by triggering the Lambda from any service, such as AWS Security Hub or EventBridge.
  • Back enrichment directly in AWS Security Hub by populating the UserDefinedFields. You can use the information provided by MetaHub to create Insights or Filters instantly in the AWS Security Hub console.
  • MetaTags and MetaChecks Filtering
  • YAML filter templates to keep your filters versioned
  • HTML-enriched dynamic reports: You can generate reports for your security findings by adding MetaTags and MetaChecks. You can then directly filter, sort, and AutoFilter columns in your reports.
  • Statistics Module: from any query, get statistics (affected resources by Tagging, by Type, by Check, or by any other field!)
  • Four grouping listing modes: full, short, inventory, and statistics
  • Three output formats: JSON, CSV, and HTML
  • Public Docker image available in AWS ECR: docker run -ti public.ecr.aws/n2p8q5p4/metahub:latest ./metahub -h