
Export policy violations to AWS Security Hub

Open pealtrufo opened this issue 2 years ago • 3 comments

Hi,

I am exploring ways to export policy violations to AWS Security Hub. Is this something you've considered as part of this project? Are you aware of any other approach to achieve that?

Thanks!

pealtrufo avatar Sep 29 '22 12:09 pealtrufo

Hey, because I don't use AWS I am not aware of this tool. Do you have an API or something to consider? Then I am happy to have a look at it and at how to implement it as a new target.

fjogeleit avatar Sep 29 '22 12:09 fjogeleit

Hey @fjogeleit, there's this link to Security Hub API reference: https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html

I am not very familiar with it either myself. I've seen that Trivy supports integration with Security Hub, and what they do is generate a report in the ASFF format, which can then be pushed to Security Hub: https://github.com/aquasecurity/trivy/blob/main/docs/tutorials/integrations/aws-security-hub.md

pealtrufo avatar Sep 29 '22 17:09 pealtrufo

Thanks, I will check it in the upcoming weeks and see if there is a good way to integrate it.

fjogeleit avatar Sep 29 '22 20:09 fjogeleit

First draft of the AWS Security Hub integration. It's a new target which pushes new results to Security Hub via the AWS SDK.

[Three attached screenshots, dated 2023-04-09, showing the new target]

fjogeleit avatar Apr 09 '23 14:04 fjogeleit
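To make the two ideas in this thread concrete (Trivy's approach of emitting findings in the ASFF format, and a policy-reporter target that pushes results to Security Hub), here is an added Go example. It is not policy-reporter's own code or Trivy's: it maps a simplified policy result onto the fields Security Hub requires in an ASFF finding and builds the JSON bodies for a `BatchImportFindings` call, without depending on the AWS SDK. The `PolicyResult` struct, the `Types` classifier string, the account id, region and cluster name are all assumptions made for the example; the sample results are constructed, not real cluster data.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// PolicyResult is a simplified stand-in for one policy-reporter result
// (assumption: field names follow the PolicyReport CRD, not the project's own types).
type PolicyResult struct {
	Source, Policy, Rule, Message string
	Severity                      string // info, low, medium, high, critical
	Status                        string // pass, fail, warn, error, skip
	Kind, Namespace, Name         string
}

// ASFF types covering only the fields Security Hub requires for BatchImportFindings.
type ASFFSeverity struct {
	Label string `json:"Label"`
}

type ASFFResource struct {
	Type   string `json:"Type"`
	Id     string `json:"Id"`
	Region string `json:"Region"`
}

type ASFFFinding struct {
	SchemaVersion string         `json:"SchemaVersion"`
	Id            string         `json:"Id"`
	ProductArn    string         `json:"ProductArn"`
	GeneratorId   string         `json:"GeneratorId"`
	AwsAccountId  string         `json:"AwsAccountId"`
	Types         []string       `json:"Types"`
	CreatedAt     string         `json:"CreatedAt"`
	UpdatedAt     string         `json:"UpdatedAt"`
	Severity      ASFFSeverity   `json:"Severity"`
	Title         string         `json:"Title"`
	Description   string         `json:"Description"`
	Resources     []ASFFResource `json:"Resources"`
}

var severityLabels = map[string]string{"critical": "CRITICAL", "high": "HIGH", "medium": "MEDIUM", "low": "LOW"}

// SeverityLabel maps policy-reporter severities onto ASFF's fixed label set.
func SeverityLabel(s string) string {
	if l, ok := severityLabels[strings.ToLower(s)]; ok {
		return l
	}
	return "INFORMATIONAL"
}

// FindingID derives a deterministic Id from the violation's identity, so that
// re-pushing the same violation updates the existing finding in Security Hub
// instead of creating a duplicate on every reconcile.
func FindingID(r PolicyResult) string {
	key := strings.Join([]string{r.Source, r.Policy, r.Rule, r.Kind, r.Namespace, r.Name}, "|")
	sum := sha256.Sum256([]byte(key))
	return hex.EncodeToString(sum[:16])
}

// ToASFF converts one result into an ASFF finding. Only violations (status
// fail or error) are exported; pass, warn and skip results return ok=false.
func ToASFF(r PolicyResult, accountID, region, cluster string, now time.Time) (ASFFFinding, bool) {
	if r.Status != "fail" && r.Status != "error" {
		return ASFFFinding{}, false
	}
	ts := now.UTC().Format(time.RFC3339)
	return ASFFFinding{
		SchemaVersion: "2018-10-08",
		Id:            FindingID(r),
		// ".../product/<account>/default" is the ProductArn form used for custom findings.
		ProductArn:   fmt.Sprintf("arn:aws:securityhub:%s:%s:product/%s/default", region, accountID, accountID),
		GeneratorId:  "policy-reporter/" + r.Source + "/" + r.Policy,
		AwsAccountId: accountID,
		// Assumed classifier under the ASFF "Software and Configuration Checks" namespace.
		Types:       []string{"Software and Configuration Checks/Kubernetes Policy Violation"},
		CreatedAt:   ts,
		UpdatedAt:   ts,
		Severity:    ASFFSeverity{Label: SeverityLabel(r.Severity)},
		Title:       fmt.Sprintf("%s/%s on %s %s/%s", r.Policy, r.Rule, r.Kind, r.Namespace, r.Name),
		Description: r.Message,
		Resources: []ASFFResource{{
			Type:   "Other",
			Id:     fmt.Sprintf("%s/%s/%s/%s", cluster, r.Kind, r.Namespace, r.Name),
			Region: region,
		}},
	}, true
}

// BatchPayloads builds the JSON bodies for BatchImportFindings, split into
// chunks of at most 100 findings, which is the API's per-request limit.
func BatchPayloads(results []PolicyResult, accountID, region, cluster string, now time.Time) ([][]byte, error) {
	var findings []ASFFFinding
	for _, r := range results {
		if f, ok := ToASFF(r, accountID, region, cluster, now); ok {
			findings = append(findings, f)
		}
	}
	var bodies [][]byte
	for len(findings) > 0 {
		n := len(findings)
		if n > 100 {
			n = 100
		}
		b, err := json.Marshal(map[string][]ASFFFinding{"Findings": findings[:n]})
		if err != nil {
			return nil, err
		}
		bodies = append(bodies, b)
		findings = findings[n:]
	}
	return bodies, nil
}

// SampleResults are constructed inputs for the example, not real cluster data.
func SampleResults() []PolicyResult {
	return []PolicyResult{
		{Source: "kyverno", Policy: "require-run-as-nonroot", Rule: "check-containers", Message: "container must run as non-root", Severity: "high", Status: "fail", Kind: "Pod", Namespace: "default", Name: "nginx"},
		{Source: "kyverno", Policy: "require-labels", Rule: "check-team", Message: "label team is required", Severity: "medium", Status: "pass", Kind: "Deployment", Namespace: "default", Name: "api"},
		{Source: "kyverno", Policy: "disallow-privileged", Rule: "privileged", Message: "privileged container not allowed", Severity: "critical", Status: "fail", Kind: "Pod", Namespace: "kube-system", Name: "debug"},
	}
}

func main() {
	bodies, err := BatchPayloads(SampleResults(), "123456789012", "eu-central-1", "dev-cluster", time.Now())
	if err != nil {
		panic(err)
	}
	for _, b := range bodies {
		fmt.Println(string(b))
	}
}
```

The deterministic `Id` is the part worth copying into a real target: Security Hub treats `Id` plus `ProductArn` as the finding's identity, so hashing the policy, rule and resource means repeated reconciles update one finding rather than flooding the account with duplicates. A real target would hand each body to the SDK's `BatchImportFindings` call and check the `FailedFindings` list in the response.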