For use in our Tenable.IO to AWS Security Hub integration

-> AWS Security Hub Transformer

This tool is designed to consume asset and vulnerability data, transform that data into the AWS Security Hub Finding format, and then upload the resulting data into AWS Security Hub.

The tool can be run as either a one-shot docker container or as a command-line tool. To run as a docker image, you'll need to build the image and then pass the necessary secrets on to the container.

To run as a command-line tool, install the required Python modules and then run the tool, supplying the required parameters either as environment variables or as command-line arguments.

Building for Docker

docker build -t tio2sechub:latest .

Installing Python Requirements

pip install -r requirements.txt


The following details both the command-line arguments and the equivalent environment variables.

usage: [-h] [--tio-access-key TIO_ACCESS_KEY]
                       [--tio-secret-key TIO_SECRET_KEY]
                       [--batch-size BATCH_SIZE] 
                       [--aws-region AWS_REGION]
                       [--aws-account-id AWS_ACCOUNT_ID]
                       [--aws-access-id AWS_ACCESS_ID]
                       [--aws-secret-key AWS_SECRET_KEY]
                       [--log-level LOG_LEVEL] 
                       [--since OBSERVED_SINCE]
                       [--severities SEVERITIES]
                       [--run-every RUN_EVERY]

optional arguments:
  -h, --help            show this help message and exit
  --tio-access-key TIO_ACCESS_KEY
               Access Key
  --tio-secret-key TIO_SECRET_KEY
               Secret Key
  --batch-size BATCH_SIZE
                        Size of the batches to populate into Security Hub
  --aws-region AWS_REGION
                        AWS region for Security Hub
  --aws-account-id AWS_ACCOUNT_ID
                        AWS Account ID
  --aws-access-id AWS_ACCESS_ID
                        AWS Access ID
  --aws-secret-key AWS_SECRET_KEY
                        AWS Secret Key
  --log-level LOG_LEVEL
                        Log level: available levels are debug, info, warn,
                        error, crit
  --severities SEVERITIES
                        What Severities should be ingested? Colon delimited
  --since OBSERVED_SINCE
                        The unix timestamp of the age threshold
  --run-every RUN_EVERY
                        How many hours between recurring imports
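
One way the filter, transform and batch steps controlled by --severities, --since and --batch-size could fit together, as an added example that is not the project's own code. The input record shape, the ProductArn (the account's default custom-product ARN) and the choice to compare --since against the last-seen time are assumptions.

```python
# Added illustration, not the project's code. Input field names and the
# ProductArn are assumptions; SAMPLE is a constructed record.
from datetime import datetime

MAX_BATCH = 100  # BatchImportFindings accepts at most 100 findings per call

def parse_severities(spec):
    """Colon-delimited --severities value, e.g. 'high:critical'."""
    return {s.strip().lower() for s in spec.split(":") if s.strip()}

def to_finding(vuln, region, account_id):
    """Map one (assumed-shape) vulnerability record to an ASFF finding dict."""
    asset, plugin = vuln["asset"], vuln["plugin"]
    sev = vuln["severity"].lower()
    return {
        "SchemaVersion": "2018-10-08",
        # Deterministic Id so a recurring import updates instead of duplicating.
        "Id": f"{asset['uuid']}/{plugin['id']}/{vuln['port']}",
        "ProductArn": f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default",
        "GeneratorId": f"tenable-plugin-{plugin['id']}",
        "AwsAccountId": account_id,
        "Types": ["Software and Configuration Checks/Vulnerabilities"],
        "CreatedAt": vuln["first_found"],
        "UpdatedAt": vuln["last_found"],
        "Severity": {"Label": "INFORMATIONAL" if sev == "info" else sev.upper()},
        "Title": plugin["name"][:256],               # ASFF length limit
        "Description": plugin["description"][:1024],  # ASFF length limit
        "Resources": [{"Type": "Other", "Id": asset["uuid"]}],
    }

def build_batches(vulns, region, account_id, severities, since, batch_size):
    """Filter by severity and age threshold, transform, then chunk for upload."""
    wanted = parse_severities(severities)
    size = max(1, min(batch_size, MAX_BATCH))  # clamp to the API limit
    keep = []
    for v in vulns:
        seen = datetime.fromisoformat(v["last_found"].replace("Z", "+00:00"))
        if v["severity"].lower() in wanted and seen.timestamp() >= since:
            keep.append(to_finding(v, region, account_id))
    return [keep[i:i + size] for i in range(0, len(keep), size)]

SAMPLE = {  # constructed record
    "asset": {"uuid": "00000000-0000-0000-0000-000000000001"},
    "plugin": {"id": 12345, "name": "Example plugin", "description": "Constructed description."},
    "port": 443, "severity": "high",
    "first_found": "2019-01-01T00:00:00Z", "last_found": "2019-02-01T00:00:00Z",
}
```

Each returned batch is sized for a single Security Hub BatchImportFindings request, which rejects more than 100 findings per call.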


Run the import once:

./                       \
    --tio-access-key {TIO_ACCESS_KEY}   \
    --tio-secret-key {TIO_SECRET_KEY}   \
    --aws-region us-east-1              \
    --aws-account-id {AWS_ACCOUNT_ID}   \
    --aws-access-id {AWS_ACCESS_ID}     \
    --aws-secret-key {AWS_SECRET_KEY}

Run the import once an hour:

./                       \
    --tio-access-key {TIO_ACCESS_KEY}   \
    --tio-secret-key {TIO_SECRET_KEY}   \
    --aws-region us-east-1              \
    --aws-account-id {AWS_ACCOUNT_ID}   \
    --aws-access-id {AWS_ACCESS_ID}     \
    --aws-secret-key {AWS_SECRET_KEY}   \
    --run-every 1

Run the same import using environment vars:

export AWS_REGION="us-east-1"
export RUN_EVERY=1


