
feat: Export findings to AWS Security Hub in ASFF format #36

Description

@vivekmittal514

Summary

Teams using AWS Security Hub as their centralized security posture dashboard should be able to ingest findings from this tool automatically without manual import.

Proposed Change

After assessment completes, optionally push findings to Security Hub using the AWS Security Finding Format (ASFF). This should be opt-in via a SAM/CloudFormation parameter.

Files Likely Touched

  • New Lambda function or addition to generate_consolidated_report — batch import via boto3.client('securityhub').batch_import_findings()
  • aiml-security-assessment/template.yaml — add optional EnableSecurityHubExport parameter and IAM permission for securityhub:BatchImportFindings
  • aiml-security-assessment/statemachine/ — wire optional Security Hub export step
  • docs/ — document the new parameter and setup steps for Security Hub custom product

Acceptance Criteria

  • New opt-in SAM parameter EnableSecurityHubExport (default: false)
  • When enabled, findings are pushed to Security Hub post-assessment in ASFF format
  • Product ARN and generator ID clearly identify findings as originating from this tool
  • IAM policy for export is least-privilege and only attached when the parameter is enabled
  • Findings include severity mapping aligned with ASFF Severity.Label (INFORMATIONAL / LOW / MEDIUM / HIGH / CRITICAL)
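One way the export step described in this issue could be implemented, as an added example that is not the project's code or the issue author's proposal. It assumes an internal finding dict with `check_id`, `severity`, `title`, `description`, `resource_type` and `resource_arn` keys (hypothetical), an internal severity vocabulary of info/low/medium/high/critical (assumed), the tool name `aiml-security-assessment` as generator ID, and the default custom-product ARN pattern `arn:aws:securityhub:<region>:<account>:product/<account>/default`. The sample findings are constructed; `DryRunClient` stands in for `boto3.client('securityhub')` so the block runs offline, and `--live` swaps in the real client.

```python
"""Push assessment findings to AWS Security Hub in ASFF (added example, not project code).
The internal finding shape, severity vocabulary and GENERATOR_ID are assumptions."""
import hashlib
from datetime import datetime, timezone

SCHEMA_VERSION = "2018-10-08"               # current ASFF schema version
GENERATOR_ID = "aiml-security-assessment"   # assumed identifier for this tool
BATCH_LIMIT = 100                           # BatchImportFindings accepts at most 100 findings per call

# Assumed internal severity vocabulary -> ASFF Severity.Label
SEVERITY_LABELS = {"info": "INFORMATIONAL", "low": "LOW", "medium": "MEDIUM",
                   "high": "HIGH", "critical": "CRITICAL"}

# Constructed sample input in the assumed internal shape; not real assessment output.
SAMPLE_FINDINGS = [
    {"check_id": "SM-001", "severity": "high",
     "title": "SageMaker notebook instance has direct internet access",
     "description": "The notebook instance was created with DirectInternetAccess enabled.",
     "resource_type": "AwsSageMakerNotebookInstance",
     "resource_arn": "arn:aws:sagemaker:us-east-1:123456789012:notebook-instance/demo"},
    {"check_id": "BR-004", "severity": "info",
     "title": "Bedrock model invocation logging not enabled",
     "description": "No CloudWatch or S3 destination is configured for model invocation logs.",
     "resource_type": "Other",
     "resource_arn": "arn:aws:bedrock:us-east-1:123456789012:model-invocation-logging"},
]


def default_product_arn(region, account_id):
    """Product ARN Security Hub assigns to custom (non-partner) findings in an account."""
    return f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default"


def finding_id(resource_arn, check_id):
    """Deterministic Id: a re-run updates the existing finding instead of creating a duplicate."""
    digest = hashlib.sha256(f"{GENERATOR_ID}|{resource_arn}|{check_id}".encode()).hexdigest()
    return f"{GENERATOR_ID}/{digest[:32]}"


def to_asff(finding, account_id, region, now=None):
    """Map one internal finding to an ASFF record with every required field set."""
    severity = finding["severity"].lower()
    if severity not in SEVERITY_LABELS:
        # Fail fast: silently downgrading an unknown severity would hide findings in the dashboard.
        raise ValueError(f"unmapped severity {finding['severity']!r} in check {finding['check_id']}")
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")  # ISO 8601 UTC
    return {
        "SchemaVersion": SCHEMA_VERSION,
        "Id": finding_id(finding["resource_arn"], finding["check_id"]),
        "ProductArn": default_product_arn(region, account_id),
        "GeneratorId": f"{GENERATOR_ID}/{finding['check_id']}",
        "AwsAccountId": account_id,
        "Types": ["Software and Configuration Checks/AWS Security Best Practices"],
        "CreatedAt": stamp,
        "UpdatedAt": stamp,
        "Severity": {"Label": SEVERITY_LABELS[severity]},
        "Title": finding["title"][:256],                 # ASFF Title limit
        "Description": finding["description"][:1024],    # ASFF Description limit
        "Resources": [{"Type": finding["resource_type"], "Id": finding["resource_arn"], "Region": region}],
        "ProductFields": {"ProviderName": GENERATOR_ID},
        "RecordState": "ACTIVE",
    }


def export_findings(asff_findings, client):
    """Import findings in batches of BATCH_LIMIT; return the Ids Security Hub rejected.
    The call succeeds even when individual findings fail validation, so FailedFindings
    must be inspected rather than relying on the absence of an exception."""
    rejected = []
    for start in range(0, len(asff_findings), BATCH_LIMIT):
        resp = client.batch_import_findings(Findings=asff_findings[start:start + BATCH_LIMIT])
        rejected.extend(f["Id"] for f in resp.get("FailedFindings", []))
    return rejected


class DryRunClient:
    """Stand-in for boto3.client('securityhub') that records batches and accepts everything."""
    def __init__(self):
        self.batches = []

    def batch_import_findings(self, Findings):
        self.batches.append(list(Findings))
        return {"FailedCount": 0, "SuccessCount": len(Findings), "FailedFindings": []}


if __name__ == "__main__":
    import sys
    account, region = "123456789012", "us-east-1"
    client = DryRunClient()
    if "--live" in sys.argv:
        import boto3  # real call; the Lambda role needs securityhub:BatchImportFindings
        client = boto3.client("securityhub", region_name=region)
    records = [to_asff(f, account, region) for f in SAMPLE_FINDINGS]
    rejected = export_findings(records, client)
    print(f"exported {len(records) - len(rejected)} findings, {len(rejected)} rejected")
```

Three points carry the security value: the Id is derived from generator, resource and check so that repeated assessments update rather than duplicate findings; an unmapped severity raises instead of defaulting to INFORMATIONAL, which would quietly bury a finding; and `FailedFindings` is read from every response, because a batch that is partly rejected still returns successfully.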

Metadata

Assignees

No one assigned

    Labels

    enhancement (New feature or request), help wanted (Extra attention is needed)

    Projects

    No projects

    Milestone

    No milestone

    Development

    No branches or pull requests