Open chrisberkhout opened 4 months ago
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
Requested by @crocswithsocks in https://github.com/elastic/integrations/pull/9705#issuecomment-2077689294
Internal enhancement request number: 21464. This is also somewhat related to https://github.com/elastic/integrations/pull/9705.
Our AWS integration can collect insights and findings from AWS Security Hub.
For insights, we use the GetInsights endpoint of the Security Hub API, and receive all custom insights, since we don't request specific ARNs. However, there are also managed insights, which will only be returned if they are requested by ARN.
There are 35 managed insight ARNs listed in the AWS Security Hub documentation. Our integration could make requests for a hard-coded list of managed insight ARNs. (The API doesn't provide any way to list managed insight ARNs.)
Note that this would need to be implemented with separate requests for the managed insights (requested by ARN) and the custom insights (requested without ARNs).
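The two-pass collection described in this issue, sketched as an added example (not part of the original issue and not the integration's own code). The ARNs are constructed placeholders, and `FakeSecurityHub` is a hypothetical stand-in that mimics the behaviour the issue describes so the sketch runs offline; `InsightArns`, `NextToken` and `MaxResults` are the GetInsights request parameters.

```python
from typing import Callable, Dict, Iterable, Iterator, List, Optional

# Constructed placeholders, not real ARNs: the real managed list comes from the AWS docs.
MANAGED_ARNS = ["arn:aws:securityhub:::insight/securityhub/default/EXAMPLE-%d" % n for n in (1, 2)]
CUSTOM_ARNS = ["arn:aws:securityhub:us-east-1:111122223333:insight/111122223333/custom/EXAMPLE-%s" % s
               for s in "abc"]

def paginate(get_insights: Callable[..., dict], **params) -> Iterator[dict]:
    """Yield insights from every page, following NextToken until it is absent."""
    token: Optional[str] = None
    while True:
        kwargs = dict(params, **({"NextToken": token} if token else {}))
        resp = get_insights(**kwargs)
        yield from resp.get("Insights", [])
        token = resp.get("NextToken")
        if not token:
            return

def collect_all_insights(get_insights: Callable[..., dict],
                         managed_arns: Iterable[str], page_size: int = 100) -> List[dict]:
    """Collect custom and managed insights with two separate request series."""
    by_arn: Dict[str, dict] = {}
    # Pass 1: no InsightArns in the request, which returns custom insights only.
    for ins in paginate(get_insights, MaxResults=page_size):
        by_arn.setdefault(ins["InsightArn"], ins)
    # Pass 2: managed insights are returned only when requested by ARN.
    arns = list(managed_arns)
    if arns:  # never send an empty ARN list; that would repeat pass 1
        for ins in paginate(get_insights, InsightArns=arns, MaxResults=page_size):
            by_arn.setdefault(ins["InsightArn"], ins)  # de-duplicate across passes
    return list(by_arn.values())

class FakeSecurityHub:
    """Hypothetical offline stand-in for the API, built from constructed data."""
    def __init__(self, custom: List[str], managed: List[str]):
        self.custom = [{"InsightArn": a, "Name": "custom"} for a in custom]
        self.managed = [{"InsightArn": a, "Name": "managed"} for a in managed]

    def get_insights(self, InsightArns=None, NextToken=None, MaxResults=100) -> dict:
        if InsightArns:
            pool = [i for i in self.custom + self.managed if i["InsightArn"] in InsightArns]
        else:
            pool = self.custom  # managed insights are omitted unless asked for by ARN
        start = int(NextToken or 0)
        resp = {"Insights": pool[start:start + MaxResults]}
        if start + MaxResults < len(pool):
            resp["NextToken"] = str(start + MaxResults)
        return resp
```

Against a real account, the `get_insights` method of a boto3 `securityhub` client can be passed in place of the fake's method.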