custodian integration with security hub

Lakshmi Pendyala

Mar 27, 2019, 8:50:54 AM
to cloud-custodian
Hi, I just tried to integrate CloudCustodian with AWS Security Hub. The integration part went smoothly, and I took the sample example from the AWS Blog (Announcing Cloud Custodian Integration with AWS Security Hub). I thought I could see all the findings in SecurityHub, but I'm able to see only 3 findings in SecurityHub. I have 22 total resources that are not encrypted. I'm printing all the findings from the custodian securityhub.py before sending them to SecurityHub. Please help me find what mistake I'm making.

---Lakshmi

Philip M. Gollucci

Mar 27, 2019, 11:18:49 AM
to Lakshmi Pendyala, cloud-custodian
Can you link to that blog? I missed this integration. That's really cool!

--
You received this message because you are subscribed to the Google Groups "cloud-custodian" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cloud-custodi...@googlegroups.com.
To post to this group, send email to cloud-c...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cloud-custodian/d5787197-2883-49bf-ac10-64ac57ed82b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--
Philip M. Gollucci
IT Executive and Engineering Leader

Paul Wehner

Mar 27, 2019, 11:20:41 AM
to Philip M. Gollucci, Lakshmi Pendyala, cloud-custodian

Kapil Thangavelu

Apr 16, 2019, 5:05:24 PM
to cloud-custodian
Hi Paul,

This is imo a bug with the security hub ux (or api), the hub api accepts 10 resources per finding, but only shows a single one. Latest versions of custodian default to only doing a single resource per finding to match up with extant hub ui semantics, that can be controlled with the batch_size parameter on the post finding action. Also another recent feature is using security findings as a filter on extant resources, so that you can 


@philg custodian was in AndyJ's keynote at reinvent last year as one of the sec hub launch partners.. I got a photo of the logo from the vid .. no t-shirt though ;-)

cheers,
Kapil

ps. in general if folks have interactive questions I do recommend the gitter channel.. general response times there are minutes/hours from a community member.. response time here seems to be days/weeks depending. upside this has much better threaded history for search engines... err.. I mean google.... we also have a reddit -> https://www.reddit.com/r/cloudcustodian/ albeit light use atm..


On Wednesday, March 27, 2019 at 11:20:41 AM UTC-4, Paul Wehner wrote:
Paul Wehner
Systems Engineering Specialist
University of Notre Dame du Lac
340 ITC
Notre Dame, IN 46556
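
The batching behaviour described in the April 16 reply, modeled as an added Python example (not Cloud Custodian's code and not written by anyone in this thread): it shows why 22 resources sent 10 per finding appear as 3 findings, and what a batch size of 1 changes. The function names, the reduced ASFF-like finding shape, the constructed resource IDs, and the assumption that the first resource of each finding is the one displayed are all illustrative.

```python
# Added illustration, not Cloud Custodian source. Findings use a reduced,
# ASFF-like shape; resource IDs are constructed sample values.
HUB_MAX_RESOURCES_PER_FINDING = 10  # limit stated in the reply above


def build_findings(policy_name, resource_ids, batch_size):
    """Group resources into findings, at most batch_size resources per finding."""
    if not 1 <= batch_size <= HUB_MAX_RESOURCES_PER_FINDING:
        raise ValueError("batch_size must be between 1 and 10")
    findings = []
    for start in range(0, len(resource_ids), batch_size):
        batch = resource_ids[start:start + batch_size]
        findings.append({
            "Id": f"constructed/{policy_name}/{start // batch_size}",
            "Title": policy_name,
            "Resources": [{"Type": "Other", "Id": rid} for rid in batch],
        })
    return findings


def shown_resources(findings):
    """Resources a one-resource-per-finding view surfaces.

    Assumption: the first resource of each finding is the one displayed.
    """
    return [f["Resources"][0]["Id"] for f in findings if f["Resources"]]


def hidden_resources(findings):
    """Resources carried in a finding but not surfaced by that view."""
    return [r["Id"] for f in findings for r in f["Resources"][1:]]


def summarize(resource_ids, batch_size):
    """Count findings, surfaced resources and hidden resources for one batch size."""
    findings = build_findings("constructed-unencrypted-policy", resource_ids, batch_size)
    return {
        "findings": len(findings),
        "shown": len(shown_resources(findings)),
        "hidden": len(hidden_resources(findings)),
    }


if __name__ == "__main__":
    # 22 constructed resources, matching the count in the original question.
    sample = [f"constructed-resource-{n:02d}" for n in range(1, 23)]
    for size in (10, 1):
        print(size, summarize(sample, size))
```

Running `hidden_resources` over findings already exported from the hub lists the resources that were reported but never surfaced in a one-per-finding view.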