insights
Creates, updates, deletes or gets an insight resource or lists insights in a region
Overview
| Name | insights |
| Type | Resource |
| Description | The AWS::SecurityHub::Insight resource represents the AWS Security Hub Insight in your account. An AWS Security Hub insight is a collection of related findings. |
| Id | awscc.securityhub.insights |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
| insight_arn | string | The ARN of a Security Hub insight |
| name | string | The name of a Security Hub insight |
| filters | object | One or more attributes used to filter the findings included in the insight |
| group_by_attribute | string | The grouping attribute for the insight's findings |
| region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
| insight_arn | string | The ARN of a Security Hub insight |
| region | string | AWS region. |
For more information, see AWS::SecurityHub::Insight.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
| create_resource | insights | INSERT | Filters, Name, GroupByAttribute, region |
| delete_resource | insights | DELETE | Identifier, region |
| update_resource | insights | UPDATE | Identifier, PatchDocument, region |
| list_resources | insights_list_only | SELECT | region |
| get_resource | insights | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual insight.
/* Read every documented property of a single insight.
   Identifier is compared with the insight ARN; region is a required parameter. */
SELECT
    region,
    insight_arn,
    name,
    filters,
    group_by_attribute
FROM awscc.securityhub.insights
WHERE region = 'us-east-1'
    AND Identifier = '{{ insight_arn }}';
Lists all insights in a region.
/* Enumerate the insights of one region. The list-only resource exposes
   identifiers (region, insight_arn), not the filters or grouping attribute. */
SELECT
    region,
    insight_arn
FROM awscc.securityhub.insights_list_only
WHERE region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new insight resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
/* Required-properties form: creates one insight from name, filters,
   grouping attribute and region.
   The quoted placeholders are filled in from the manifest before the
   statement runs, so each value reaches the query as text inside the
   quotes; review manifest values with the same care as the query itself. */
INSERT INTO awscc.securityhub.insights (
    Name,
    Filters,
    GroupByAttribute,
    region
)
SELECT
    '{{ name }}',
    '{{ filters }}',
    '{{ group_by_attribute }}',
    '{{ region }}';
/*+ create */
/* All-properties form: for this resource it lists the same four columns
   as the required-properties form.
   Placeholder values are substituted as text inside the quotes before the
   statement runs; a value containing a quote character would alter the
   statement, so keep manifest values under review. */
INSERT INTO awscc.securityhub.insights (
    Name,
    Filters,
    GroupByAttribute,
    region
)
SELECT
    '{{ name }}',
    '{{ filters }}',
    '{{ group_by_attribute }}',
    '{{ region }}';
# stack-deploy manifest for one Security Hub insight.
# NOTE(review): nesting was restored from a flattened listing; confirm the
# shape of the structured filters (date_range, confidence, product_fields)
# against the provider schema before use.
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  # The region value comes from the AWS_REGION variable; presumably it is
  # supplied at deploy time (confirm against your stack-deploy setup).
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: insight
    props:
      - name: name
        value: '{{ name }}'
      # Each key under value is one finding attribute the insight can filter on.
      # The generated template lists all of them with null placeholders; an
      # insight normally needs only a few. TODO confirm how null entries are
      # handled before leaving them in place.
      - name: filters
        value:
          product_arn:
            - comparison: '{{ comparison }}'
              value: '{{ value }}'
          aws_account_id:
            - null
          aws_account_name:
            - null
          id:
            - null
          generator_id:
            - null
          type:
            - null
          region:
            - null
          first_observed_at:
            - date_range:
                unit: '{{ unit }}'
                value: null
              end: '{{ end }}'
              start: null
          last_observed_at:
            - null
          created_at:
            - null
          updated_at:
            - null
          severity_label:
            - null
          confidence:
            - eq: null
              gte: null
              lte: null
          criticality:
            - null
          title:
            - null
          description:
            - null
          recommendation_text:
            - null
          source_url:
            - null
          product_fields:
            - comparison: '{{ comparison }}'
              key: null
              value: null
          product_name:
            - null
          company_name:
            - null
          user_defined_fields:
            - null
          malware_name:
            - null
          malware_type:
            - null
          malware_path:
            - null
          malware_state:
            - null
          network_direction:
            - null
          network_protocol:
            - null
          network_source_ip_v4:
            - cidr: null
          network_source_ip_v6:
            - null
          network_source_port:
            - null
          network_source_domain:
            - null
          network_source_mac:
            - null
          network_destination_ip_v4:
            - null
          network_destination_ip_v6:
            - null
          network_destination_port:
            - null
          network_destination_domain:
            - null
          process_name:
            - null
          process_path:
            - null
          process_pid:
            - null
          process_parent_pid:
            - null
          process_launched_at:
            - null
          process_terminated_at:
            - null
          threat_intel_indicator_type:
            - null
          threat_intel_indicator_value:
            - null
          threat_intel_indicator_category:
            - null
          threat_intel_indicator_last_observed_at:
            - null
          threat_intel_indicator_source:
            - null
          threat_intel_indicator_source_url:
            - null
          resource_type:
            - null
          resource_id:
            - null
          resource_partition:
            - null
          resource_region:
            - null
          resource_tags:
            - null
          resource_aws_ec2_instance_type:
            - null
          resource_aws_ec2_instance_image_id:
            - null
          resource_aws_ec2_instance_ip_v4_addresses:
            - null
          resource_aws_ec2_instance_ip_v6_addresses:
            - null
          resource_aws_ec2_instance_key_name:
            - null
          resource_aws_ec2_instance_iam_instance_profile_arn:
            - null
          resource_aws_ec2_instance_vpc_id:
            - null
          resource_aws_ec2_instance_subnet_id:
            - null
          resource_aws_ec2_instance_launched_at:
            - null
          resource_aws_s3_bucket_owner_id:
            - null
          resource_aws_s3_bucket_owner_name:
            - null
          resource_aws_iam_access_key_status:
            - null
          resource_aws_iam_access_key_created_at:
            - null
          resource_container_name:
            - null
          resource_container_image_id:
            - null
          resource_container_image_name:
            - null
          resource_container_launched_at:
            - null
          resource_details_other:
            - null
          compliance_status:
            - null
          verification_state:
            - null
          workflow_state:
            - null
          workflow_status:
            - null
          record_state:
            - null
          related_findings_product_arn:
            - null
          related_findings_id:
            - null
          resource_application_arn:
            - null
          resource_application_name:
            - null
          note_text:
            - null
          note_updated_at:
            - null
          note_updated_by:
            - null
          sample:
            - value: '{{ value }}'
          compliance_associated_standards_id:
            - null
          compliance_security_control_id:
            - null
          compliance_security_control_parameters_name:
            - null
          compliance_security_control_parameters_value:
            - null
          finding_provider_fields_confidence:
            - null
          finding_provider_fields_criticality:
            - null
          finding_provider_fields_related_findings_id:
            - null
          finding_provider_fields_related_findings_product_arn:
            - null
          finding_provider_fields_severity_label:
            - null
          finding_provider_fields_severity_original:
            - null
          finding_provider_fields_types:
            - null
          resource_aws_iam_access_key_principal_name:
            - null
          resource_aws_iam_user_user_name:
            - null
          vulnerabilities_exploit_available:
            - null
          vulnerabilities_fix_available:
            - null
          keyword:
            - value: null
          resource_aws_iam_access_key_user_name:
            - null
          severity_normalized:
            - null
          severity_product:
            - null
      - name: group_by_attribute
        value: null
UPDATE example
Use the following StackQL query and manifest file to update an insight resource, using stack-deploy.
/*+ update */
/* Updates one insight through a patch document. The template expression in
   the SET clause builds that document from the manifest values name, filters
   and group_by_attribute using the generate_patch_document filter. The WHERE
   clause restricts the change to the insight whose ARN and region are given. */
UPDATE awscc.securityhub.insights
SET PatchDocument = string('{{ {
"Name": name,
"Filters": filters,
"GroupByAttribute": group_by_attribute
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ insight_arn }}';
DELETE example
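/*+ delete */
/* Deletes one insight, selected by its ARN. The region comes from the same
   manifest placeholder the create and update statements use, so teardown
   targets the region the insight was deployed to rather than a fixed one. */
DELETE FROM awscc.securityhub.insights
WHERE Identifier = '{{ insight_arn }}'
    AND region = '{{ region }}';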
Permissions
To operate on the insights resource, the following permissions are required:
- Create: securityhub:CreateInsight
- Read: securityhub:GetInsights
- Update: securityhub:UpdateInsight
- Delete: securityhub:GetInsights, securityhub:DeleteInsight
- List: securityhub:GetInsights