Closed jmello-pagseguro closed 1 week ago
Hello @jmello-pagseguro, thanks for creating the issue here.
To continue the conversation we had in Slack, as far as I can tell the above feature is not supported by AWS Security Hub, right? At least it wasn't, so you have to send each finding to its corresponding AWS Security Hub region and then aggregate all the account’s region findings in one region to view them all at once.
Regarding accounts, you can delegate administrators in Security Hub to manage your organisation, but I’m not sure if all the findings can be sent to a single account since they are theoretically restricted by their ARN.
The AWS CLI documentation about the call batch-import-findings states the following:
Maybe your use case can fit into the second but I'm not sure how it works internally in AWS.
We are closing this issue since the behaviour described above is not supported by AWS Security Hub, as discussed with the issue owner in the Prowler Community Slack at https://prowler-workspace.slack.com/archives/C0451NDLC4X/p1720027104962509.
New feature motivation
Hello everyone, I'm running prowler to get findings in multiple AWS Accounts using assume-role, but now I'm trying to send those findings to Security-Hub and I need to send all of them to a specific account. I already use the parameter --role to specify each account I'm running the checks on, but it would be interesting if we had a way to send all findings of all accounts to a centralized and specific "master" account only.
Solution Proposed
Implement a way to send all findings of all AWS accounts to only one security-hub on a specific account.
Describe alternatives you've considered
Perform all checks in multiple AWS accounts but send findings to one specific security-hub.
Additional context
No response