aws-securityhub-export-findings
#!/bin/bash
# Exports AWS Security Hub findings per profile, severity and compliance status.
# Reads a list of profile names from profiles.txt in the local directory,
# one name per line. Example profiles.txt provided.
set -euo pipefail
# Fail if profiles.txt doesn't exist in the current dir. (The original
# `[[ -f ]] && echo || echo` form only printed a message and carried on.)
if [[ ! -f profiles.txt ]]; then
  echo "Please provide a profiles.txt with profile names separated by new lines." >&2
  exit 1
fi
echo "profiles.txt found, continuing..."
today=$(date -I)
# Read profiles from fd 3 so an MFA/SSO prompt from the aws CLI, which reads
# stdin, can't swallow the remaining profile names.
while read -r -u 3 profile_name; do
  [[ -n "$profile_name" ]] || continue   # skip blank lines
  out_dir="findings/${today}/${profile_name}"
  mkdir -p "$out_dir"
  for SEVERITY_LEVEL in CRITICAL HIGH MEDIUM LOW; do
    for STATUS in FAILED WARNING; do
      # Canonical option is --filters; keep it quoted so bash doesn't brace-expand {...}.
      # One file per severity/status pair: appending two calls to one file yields
      # concatenated JSON documents that jq and json.load reject.
      # --max-items caps each export at 1000; a NextToken in the output means more remain.
      aws --profile "$profile_name" securityhub get-findings \
        --filters "SeverityLabel=[{Value=${SEVERITY_LEVEL},Comparison=EQUALS}],ComplianceStatus=[{Value=${STATUS},Comparison=EQUALS}]" \
        --max-items 1000 --output json \
        > "${out_dir}/${SEVERITY_LEVEL}_${STATUS}.findings"
    done
  done
done 3< profiles.txt
profiles.txt
blah-aws-dev-admin
blah-aws-prod-admin
blah-aws-log-admin
blah-aws-sec-admin
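The export above only dumps raw JSON; the next question is usually "what is actually live, and did --max-items cut the export short?". The following is an added example, not part of the original gist, that answers both. It assumes the layout findings/<date>/<profile>/*.findings with each file holding the JSON printed by `aws securityhub get-findings --output json` (a top-level "Findings" list plus a "NextToken" key when the export was truncated), and it also copes with a file that holds several concatenated JSON documents, which is what appending two aws calls to one file produces. The sample findings embedded in the block are constructed for the example and are not real data.

```python
"""Summarise Security Hub findings exported by the script above.

Added example, not part of the original gist. Assumed layout:
findings/<date>/<profile>/*.findings, each file holding the JSON printed by
`aws securityhub get-findings --output json` (a top-level "Findings" list and
a "NextToken" key when --max-items truncated the result). The sample below is
constructed so the script runs offline; it is not real finding data.
"""
from __future__ import annotations

import json
from collections import Counter
from pathlib import Path


def _finding(fid, title, sev, status, workflow, record, rtype, rid):
    """Build a minimal finding with just the ASFF fields this summary uses."""
    return {"Id": fid, "Title": title, "Severity": {"Label": sev},
            "Compliance": {"Status": status}, "Workflow": {"Status": workflow},
            "RecordState": record, "Resources": [{"Type": rtype, "Id": rid}]}


# Constructed sample files. CRITICAL.findings holds two concatenated JSON
# documents (as appending two aws calls to one file produces) and a NextToken.
SAMPLE_FILES = {
    "CRITICAL.findings": json.dumps({"Findings": [
        _finding("f-1", "S3 bucket allows public read", "CRITICAL", "FAILED",
                 "NEW", "ACTIVE", "AwsS3Bucket", "arn:aws:s3:::example-bucket"),
        _finding("f-2", "Root user has active access keys", "CRITICAL", "FAILED",
                 "RESOLVED", "ARCHIVED", "AwsAccount", "AWS::::Account:123456789012"),
    ], "NextToken": "opaque"}) + "\n" + json.dumps({"Findings": [
        _finding("f-3", "IAM policy allows full admin", "CRITICAL", "WARNING",
                 "NEW", "ACTIVE", "AwsIamPolicy", "arn:aws:iam::123456789012:policy/p"),
    ]}),
    "HIGH.findings": json.dumps({"Findings": [
        _finding("f-4", "CloudTrail log validation disabled", "HIGH", "FAILED",
                 "SUPPRESSED", "ACTIVE", "AwsCloudTrailTrail",
                 "arn:aws:cloudtrail:us-east-1:123456789012:trail/t"),
    ]}),
}


def merge_documents(text: str) -> dict:
    """Parse one exported file into {"Findings": [...], "Truncated": bool}.

    raw_decode is used so a file containing several concatenated JSON
    documents is read in full; json.loads would reject such a file.
    """
    decoder = json.JSONDecoder()
    merged = {"Findings": [], "Truncated": False}
    pos = 0
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            return merged
        doc, pos = decoder.raw_decode(text, pos)
        merged["Findings"].extend(doc.get("Findings", []))
        # NextToken means --max-items stopped the export before the last page.
        merged["Truncated"] = merged["Truncated"] or "NextToken" in doc


def summarize(documents: dict[str, dict]) -> dict:
    """Count live vs stale findings per (severity, compliance status).

    A finding is live when RecordState is ACTIVE and its workflow is neither
    RESOLVED nor SUPPRESSED; archived/suppressed records are counted apart so
    they do not inflate the report. Resources behind live CRITICAL/FAILED
    findings are listed for triage and truncated files are flagged.
    """
    live, stale = Counter(), Counter()
    truncated, critical_resources = [], []
    for name, doc in documents.items():
        if doc.get("Truncated"):
            truncated.append(name)
        for f in doc["Findings"]:
            sev = f.get("Severity", {}).get("Label", "UNKNOWN")
            status = f.get("Compliance", {}).get("Status", "UNKNOWN")
            is_live = (f.get("RecordState") == "ACTIVE" and
                       f.get("Workflow", {}).get("Status") not in ("RESOLVED", "SUPPRESSED"))
            (live if is_live else stale)[(sev, status)] += 1
            if is_live and (sev, status) == ("CRITICAL", "FAILED"):
                critical_resources.extend(r["Id"] for r in f.get("Resources", []))
    return {"live": dict(live), "stale": dict(stale), "truncated": truncated,
            "critical_failed_resources": critical_resources}


def summarize_profile_dir(profile_dir: Path) -> dict:
    """Summarise every *.findings file under findings/<date>/<profile>/."""
    files = sorted(profile_dir.glob("*.findings"))
    return summarize({p.name: merge_documents(p.read_text()) for p in files})


def summarize_sample() -> dict:
    """Run the summary over the embedded sample instead of exported files."""
    return summarize({n: merge_documents(t) for n, t in SAMPLE_FILES.items()})


if __name__ == "__main__":
    result = summarize_sample()
    for (sev, status), n in sorted(result["live"].items()):
        print(f"{sev:<9} {status:<8} live={n} stale={result['stale'].get((sev, status), 0)}")
    if result["truncated"]:
        print("truncated exports (raise --max-items or page with NextToken):",
              ", ".join(result["truncated"]))
    for rid in result["critical_failed_resources"]:
        print("CRITICAL FAILED:", rid)
```

For a real export, call `summarize_profile_dir(Path("findings/2024-01-31/blah-aws-prod-admin"))` in place of `summarize_sample()`. The live/stale split matters because Security Hub keeps resolved and archived records in get-findings results; counting them alongside open findings makes a clean account look worse than it is, and the truncation flag is the only signal that a 1000-item export did not cover everything.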