mirror of
https://github.com/HackTricks-wiki/hacktricks-cloud.git
synced 2026-03-12 21:22:57 -07:00
AWS - Security Hub Enum
{{#include ../../../../banners/hacktricks-training.md}}
Security Hub
Security Hub collects security data from across AWS accounts, services, and supported third-party partner products and helps you analyze your security trends and identify the highest priority security issues.
It centralizes security-related alerts across accounts and provides a UI for viewing them. The biggest limitation is that it does not centralize alerts across regions, only across accounts.
Characteristics
- Regional (findings don't cross regions)
- Multi-account support
- Findings from:
  - GuardDuty
  - Config
  - Inspector
  - Macie
  - Third party
  - Self-generated against CIS standards
Enumeration
```bash
# Get basic info
aws securityhub describe-hub

# Get securityhub org config
aws securityhub describe-organization-configuration # If the current account isn't the security hub admin, you will get an error

# Get the configured admin for securityhub
aws securityhub get-administrator-account
aws securityhub get-master-account # Another way
aws securityhub list-organization-admin-accounts # Another way

# Get enabled standards
aws securityhub get-enabled-standards

# Get the findings
aws securityhub get-findings

# Get insights
aws securityhub get-insights

# Get Automation rules (must be from the admin account)
aws securityhub list-automation-rules

# Get members (must be from the admin account)
aws securityhub list-members
aws securityhub get-members --account-ids <acc-id>
```
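Because findings are regional, a reviewer has to run `get-findings` once per region and merge the results. The following is an added example, not part of the original page or of any AWS tooling: it merges already-parsed per-region `get-findings` output into one severity-sorted view of open findings. The function names and the sample findings are constructed for illustration; the field names (`Id`, `ProductName`, `Severity.Label`, `RecordState`, `Workflow.Status`, `Region`) are those of the AWS Security Finding Format.

```python
from collections import Counter

SEVERITIES = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"]

def sample_finding(fid, product, label, record="ACTIVE", workflow="NEW"):
    """Build a constructed, heavily trimmed ASFF finding for the sample below."""
    return {"Id": fid, "ProductName": product, "Severity": {"Label": label},
            "RecordState": record, "Workflow": {"Status": workflow}}

# Constructed sample: parsed `aws securityhub get-findings --region <r>` output per region.
SAMPLE = {
    "us-east-1": {"Findings": [sample_finding("f-1", "GuardDuty", "HIGH"),
                               sample_finding("f-2", "Config", "MEDIUM", workflow="RESOLVED")]},
    "eu-west-1": {"Findings": [sample_finding("f-3", "Inspector", "CRITICAL"),
                               sample_finding("f-4", "Macie", "LOW", record="ARCHIVED"),
                               sample_finding("f-5", "Security Hub", "MEDIUM")]},
    "ap-south-1": {"Findings": []},
}

def is_open(finding):
    """Active record that nobody has resolved or suppressed yet."""
    return (finding.get("RecordState") == "ACTIVE"
            and finding.get("Workflow", {}).get("Status") in ("NEW", "NOTIFIED"))

def cross_region_view(per_region):
    """Return (open findings sorted by severity, counts per region/severity, silent regions)."""
    merged = {}
    for region, output in per_region.items():
        for finding in output.get("Findings", []):
            # Tag with the queried region unless the finding already carries its own Region.
            merged.setdefault(finding["Id"], {"Region": region, **finding})
    open_findings = sorted((f for f in merged.values() if is_open(f)),
                           key=lambda f: SEVERITIES.index(f["Severity"]["Label"]))
    counts = Counter((f["Region"], f["Severity"]["Label"]) for f in open_findings)
    # A region that returns nothing may simply have no hub enabled.
    silent = sorted(r for r, out in per_region.items() if not out.get("Findings"))
    return open_findings, counts, silent

if __name__ == "__main__":
    findings, counts, silent = cross_region_view(SAMPLE)
    for f in findings:
        print(f'{f["Severity"]["Label"]:<9} {f["Region"]:<10} {f["ProductName"]:<12} {f["Id"]}')
    print("regions with no findings (confirm with describe-hub):", silent)
```

Regions listed as silent are worth checking with `aws securityhub describe-hub --region <region>` to confirm Security Hub is actually enabled there.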
Bypass Detection
TODO, PRs accepted