gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-06 17:53:37 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
a80a7f9e975d7fbf91174bfa8b5eb990355e07a5
hacktricks-cloud/src/pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-security-hub-enum.md

62 lines
2.0 KiB
Markdown
Raw Blame History

# AWS - Security Hub Enum
{{#include ../../../../banners/hacktricks-training.md}}
## Security Hub
**Security Hub** raccoglie **dati** di sicurezza da **diversi account AWS**, servizi e prodotti di partner di terze parti supportati e ti aiuta a **analizzare le tue tendenze di sicurezza** e identificare i problemi di sicurezza di massima priorità.
Centralizza **gli avvisi relativi alla sicurezza tra gli account** e fornisce un'interfaccia utente per visualizzarli. La maggiore limitazione è che **non centralizza gli avvisi tra le regioni**, solo tra gli account.
**Caratteristiche**
- Regionale (i risultati non attraversano le regioni)
- Supporto multi-account
- Risultati da:
- Guard Duty
- Config
- Inspector
- Macie
- terze parti
- auto-generati secondo gli standard CIS
## Enumeration
```
# Get basic info
aws securityhub describe-hub
# Get securityhub org config
aws securityhub describe-organization-configuration #If the current account isn't the security hub admin, you will get an error
# Get the configured admin for securityhub
aws securityhub get-administrator-account
aws securityhub get-master-account # Another way
aws securityhub list-organization-admin-accounts # Another way
# Get enabled standards
aws securityhub get-enabled-standards
# Get the findings
aws securityhub get-findings
# Get insights
aws securityhub get-insights
# Get Automation rules (must be from the admin account)
aws securityhub list-automation-rules
# Get members (must be from the admin account)
aws securityhub list-members
aws securityhub get-members --account-ids <acc-id>
```
## Bypass Detection
TODO, PRs accettati
## References
- [https://cloudsecdocs.com/aws/services/logging/other/#general-info](https://cloudsecdocs.com/aws/services/logging/other/#general-info)
- [https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html)
{{#include ../../../../banners/hacktricks-training.md}}
Reference in New Issue View Git Blame Copy Permalink