Data retrieval settings for AWS Security Hub
The following filters are available for the AWS Security Hub Host Vulnerability, Container Vulnerability, and Test Results Integrations. These filters control which findings are retrieved from AWS Inspector.
Role required: sn_vul_aws.configure_integration - to configure the integrations.
Note: For text-based filters, a maximum of nine values is supported for Host and Test Results configurations. Eight filters are supported for the container vulnerability configuration.
Host Vulnerabilities Configuration tab
| Column | Type | Values |
|---|---|---|
| Severity | glide_list | INFORMATIONAL, LOW, HIGH, MEDIUM, CRITICAL, UNKNOWN, FATAL, OTHER |
| Vulnerability | string | CVE IDs |
| Resource type | choice | BOTH, AWS::EC2::Instance, AWS::Lambda::Function |
| Account id | string | AWS account IDs |
| Batch size | integer | Default: 1000 |
| CVSS base score | decimal | Minimum CVSS base score filter |
| Finding status | glide_list | New, In Progress, Resolved, Suppressed, Archived, Unknown, Other |
| Exploit available | choice | True, False |
| Fix available | choice | True, False |
| First observed at | glide_date_time | Filter by first observed date |
| Last observed at | glide_date_time | Filter by last observed date |
| Modified at | glide_date_time | Filter by modified date. Used for delta sync. |
| Resource tags | string | Filter by resource tags |
| Finding tags | string | Filter by finding tags |
| Vendor severity | glide_list | INFORMATIONAL, LOW, HIGH, MEDIUM, CRITICAL |
| Region | glide_list | AWS regions |
Container Vulnerabilities Configuration tab
| Column | Type | Values |
|---|---|---|
| Severity | glide_list | INFORMATIONAL, LOW, HIGH, MEDIUM, CRITICAL, UNKNOWN, FATAL, OTHER |
| Vulnerability | string | CVE IDs |
| Account id | string | AWS account IDs |
| Batch size | integer | Default: 1000 |
| CVSS base score | decimal | Minimum CVSS base score filter |
| Finding status | glide_list | New, In Progress, Resolved, Suppressed, Archived, Unknown, Other |
| Exploit available | choice | True, False |
| Fix available | choice | True, False |
| First observed at | glide_date_time | Filter by first observed date |
| Last observed at | glide_date_time | Filter by last observed date |
| Modified at | glide_date_time | Filter by modified date |
| Resource tags | string | Filter by resource tags |
| Finding tags | string | Filter by finding tags |
| Vendor severity | glide_list | INFORMATIONAL, LOW, HIGH, MEDIUM, CRITICAL |
| Region | glide_list | AWS regions |
| Repository Name | string | ECR repository name filter |
| Registry UID | string | ECR registry UID filter |
Test Results Configuration tab
| Column | Type | Values |
|---|---|---|
| Severity | glide_list | INFORMATIONAL, LOW, HIGH, MEDIUM, CRITICAL, UNKNOWN, FATAL, OTHER |
| Control | string | Control identifiers |
| Control Status | glide_list | PASS, FAIL, WARNING, UNKNOWN |
| Control Standards | string | Compliance standards |
| Finding Status | glide_list | New, In Progress, Resolved, Suppressed, Archived, Unknown, Other |
| Account ID | string | AWS account IDs |
| Resource Type | string | AWS resource types |
| First observed at | glide_date_time | Filter by first observed date |
| Last observed at | glide_date_time | Filter by last observed date |
| Modified at | glide_date_time | Filter by modified date |
| Resource Tags | string | Filter by resource tags |
| Finding Tags | string | Filter by finding tags |
| Vendor severity | glide_list | INFORMATIONAL, LOW, HIGH, MEDIUM, CRITICAL |