Summary
Teams using AWS Security Hub as their centralized security posture dashboard should be able to ingest findings from this tool automatically without manual import.
Proposed Change
After assessment completes, optionally push findings to Security Hub using the AWS Security Finding Format (ASFF). This should be opt-in via a SAM/CloudFormation parameter.
Files Likely Touched
- New Lambda function or addition to generate_consolidated_report — batch import via boto3.client('securityhub').batch_import_findings()
- aiml-security-assessment/template.yaml — add optional EnableSecurityHubExport parameter and IAM permission for securityhub:BatchImportFindings
- aiml-security-assessment/statemachine/ — wire optional Security Hub export step
- docs/ — document the new parameter and setup steps for Security Hub custom product
Acceptance Criteria
- EnableSecurityHubExport (default: false)
- Severity.Label (INFORMATIONAL / LOW / MEDIUM / HIGH / CRITICAL)
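A sketch of the export step proposed above, added here as an illustration and not taken from the project's code: it maps one finding to ASFF and sends findings through batch_import_findings in batches of at most 100. The input dict keys (check_id, title, description, severity, resource_arn), the function names and the Id/GeneratorId scheme are assumptions; `client` is expected to be boto3.client('securityhub').

```python
import hashlib
from datetime import datetime, timezone

LABELS = {"INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"}
BATCH_LIMIT = 100  # BatchImportFindings accepts at most 100 findings per call


def to_asff(finding, account_id, region, now=None):
    """Map one assessment finding (hypothetical dict schema) to an ASFF finding."""
    label = str(finding["severity"]).upper()
    if label not in LABELS:
        # Fail closed: never silently downgrade an unrecognised severity.
        raise ValueError(f"unmapped severity: {finding['severity']!r}")
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    resource = finding["resource_arn"]
    # Deterministic Id: a re-run updates the existing finding instead of duplicating it.
    digest = hashlib.sha256(resource.encode()).hexdigest()[:16]
    return {
        "SchemaVersion": "2018-10-08",
        "Id": f"aiml-security-assessment/{finding['check_id']}/{digest}",
        # Default product ARN for custom findings (assumes the "aws" partition).
        "ProductArn": f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default",
        "GeneratorId": f"aiml-security-assessment/{finding['check_id']}",
        "AwsAccountId": account_id,
        "Types": ["Software and Configuration Checks/AWS Security Best Practices"],
        "CreatedAt": ts,
        "UpdatedAt": ts,
        "Severity": {"Label": label},
        "Title": finding["title"][:256],            # ASFF length limit
        "Description": finding["description"][:1024],  # ASFF length limit
        "Resources": [{"Type": "Other", "Id": resource, "Region": region}],
    }


def export_findings(client, findings, account_id, region, now=None):
    """Send findings in batches; return (success_count, failed_findings)."""
    asff = [to_asff(f, account_id, region, now) for f in findings]
    ok, failed = 0, []
    for i in range(0, len(asff), BATCH_LIMIT):
        resp = client.batch_import_findings(Findings=asff[i:i + BATCH_LIMIT])
        ok += resp.get("SuccessCount", 0)
        # Per-finding rejections come back in the response, not as an exception.
        failed.extend(resp.get("FailedFindings", []))
    return ok, failed
```

The caller should log or surface the returned failed_findings, since a call that returns normally can still have rejected individual findings.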