insights
Creates, updates, deletes or gets an insight resource or lists insights in a region.
Overview
Name | insights |
Type | Resource |
Description | The AWS::SecurityHub::Insight resource represents the AWS Security Hub Insight in your account. An AWS Security Hub insight is a collection of related findings. |
Id | aws.securityhub.insights |
Fields
Name | Datatype | Description |
---|---|---|
insight_arn | string | The ARN of a Security Hub insight |
name | string | The name of a Security Hub insight |
filters | object | One or more attributes used to filter the findings included in the insight |
group_by_attribute | string | The grouping attribute for the insight's findings |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | Filters, Name, GroupByAttribute, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all insights in a region.
SELECT
region,
insight_arn,
name,
filters,
group_by_attribute
FROM aws.securityhub.insights
WHERE region = 'us-east-1';
Gets all properties from an individual insight.
SELECT
region,
insight_arn,
name,
filters,
group_by_attribute
FROM aws.securityhub.insights
WHERE region = 'us-east-1' AND data__Identifier = '<InsightArn>';
INSERT example
Use the following StackQL query and manifest file to create a new insight resource, using stack-deploy.
Required Properties
/*+ create */
INSERT INTO aws.securityhub.insights (
Name,
Filters,
GroupByAttribute,
region
)
SELECT
'{{ Name }}',
'{{ Filters }}',
'{{ GroupByAttribute }}',
'{{ region }}';
All Properties
/*+ create */
INSERT INTO aws.securityhub.insights (
Name,
Filters,
GroupByAttribute,
region
)
SELECT
'{{ Name }}',
'{{ Filters }}',
'{{ GroupByAttribute }}',
'{{ region }}';
Manifest
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: insight
    props:
      - name: Name
        value: '{{ Name }}'
      - name: Filters
        value:
          ProductArn:
            - Comparison: '{{ Comparison }}'
              Value: '{{ Value }}'
          AwsAccountId:
            - null
          AwsAccountName:
            - null
          Id:
            - null
          GeneratorId:
            - null
          Type:
            - null
          Region:
            - null
          FirstObservedAt:
            - DateRange:
                Unit: '{{ Unit }}'
                Value: null
              End: '{{ End }}'
              Start: null
          LastObservedAt:
            - null
          CreatedAt:
            - null
          UpdatedAt:
            - null
          SeverityLabel:
            - null
          Confidence:
            - Eq: null
              Gte: null
              Lte: null
          Criticality:
            - null
          Title:
            - null
          Description:
            - null
          RecommendationText:
            - null
          SourceUrl:
            - null
          ProductFields:
            - Comparison: '{{ Comparison }}'
              Key: null
              Value: null
          ProductName:
            - null
          CompanyName:
            - null
          UserDefinedFields:
            - null
          MalwareName:
            - null
          MalwareType:
            - null
          MalwarePath:
            - null
          MalwareState:
            - null
          NetworkDirection:
            - null
          NetworkProtocol:
            - null
          NetworkSourceIpV4:
            - Cidr: null
          NetworkSourceIpV6:
            - null
          NetworkSourcePort:
            - null
          NetworkSourceDomain:
            - null
          NetworkSourceMac:
            - null
          NetworkDestinationIpV4:
            - null
          NetworkDestinationIpV6:
            - null
          NetworkDestinationPort:
            - null
          NetworkDestinationDomain:
            - null
          ProcessName:
            - null
          ProcessPath:
            - null
          ProcessPid:
            - null
          ProcessParentPid:
            - null
          ProcessLaunchedAt:
            - null
          ProcessTerminatedAt:
            - null
          ThreatIntelIndicatorType:
            - null
          ThreatIntelIndicatorValue:
            - null
          ThreatIntelIndicatorCategory:
            - null
          ThreatIntelIndicatorLastObservedAt:
            - null
          ThreatIntelIndicatorSource:
            - null
          ThreatIntelIndicatorSourceUrl:
            - null
          ResourceType:
            - null
          ResourceId:
            - null
          ResourcePartition:
            - null
          ResourceRegion:
            - null
          ResourceTags:
            - null
          ResourceAwsEc2InstanceType:
            - null
          ResourceAwsEc2InstanceImageId:
            - null
          ResourceAwsEc2InstanceIpV4Addresses:
            - null
          ResourceAwsEc2InstanceIpV6Addresses:
            - null
          ResourceAwsEc2InstanceKeyName:
            - null
          ResourceAwsEc2InstanceIamInstanceProfileArn:
            - null
          ResourceAwsEc2InstanceVpcId:
            - null
          ResourceAwsEc2InstanceSubnetId:
            - null
          ResourceAwsEc2InstanceLaunchedAt:
            - null
          ResourceAwsS3BucketOwnerId:
            - null
          ResourceAwsS3BucketOwnerName:
            - null
          ResourceAwsIamAccessKeyStatus:
            - null
          ResourceAwsIamAccessKeyCreatedAt:
            - null
          ResourceContainerName:
            - null
          ResourceContainerImageId:
            - null
          ResourceContainerImageName:
            - null
          ResourceContainerLaunchedAt:
            - null
          ResourceDetailsOther:
            - null
          ComplianceStatus:
            - null
          VerificationState:
            - null
          WorkflowState:
            - null
          WorkflowStatus:
            - null
          RecordState:
            - null
          RelatedFindingsProductArn:
            - null
          RelatedFindingsId:
            - null
          ResourceApplicationArn:
            - null
          ResourceApplicationName:
            - null
          NoteText:
            - null
          NoteUpdatedAt:
            - null
          NoteUpdatedBy:
            - null
          Sample:
            - Value: '{{ Value }}'
          ComplianceAssociatedStandardsId:
            - null
          ComplianceSecurityControlId:
            - null
          ComplianceSecurityControlParametersName:
            - null
          ComplianceSecurityControlParametersValue:
            - null
          FindingProviderFieldsConfidence:
            - null
          FindingProviderFieldsCriticality:
            - null
          FindingProviderFieldsRelatedFindingsId:
            - null
          FindingProviderFieldsRelatedFindingsProductArn:
            - null
          FindingProviderFieldsSeverityLabel:
            - null
          FindingProviderFieldsSeverityOriginal:
            - null
          FindingProviderFieldsTypes:
            - null
          ResourceAwsIamAccessKeyPrincipalName:
            - null
          ResourceAwsIamUserUserName:
            - null
          VulnerabilitiesExploitAvailable:
            - null
          VulnerabilitiesFixAvailable:
            - null
          Keyword:
            - Value: null
          ResourceAwsIamAccessKeyUserName:
            - null
          SeverityNormalized:
            - null
          SeverityProduct:
            - null
      - name: GroupByAttribute
        value: null
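A filled-in version of the INSERT template above, as an added example that is not part of the original page: it creates an insight that groups active, unresolved critical findings by resource, then reads the region's insights back. The insight name and the choice of filters are assumptions made for illustration; the filter keys come from the manifest above, and passing Filters as a JSON string follows the '{{ Filters }}' placeholder in the template.

```sql
-- Added example: the insight name and filter choices are illustrative assumptions.
/*+ create */
INSERT INTO aws.securityhub.insights (
Name,
Filters,
GroupByAttribute,
region
)
SELECT
'critical-active-findings-by-resource',
'{
  "SeverityLabel": [{"Comparison": "EQUALS", "Value": "CRITICAL"}],
  "RecordState": [{"Comparison": "EQUALS", "Value": "ACTIVE"}],
  "WorkflowStatus": [{"Comparison": "EQUALS", "Value": "NEW"}]
}',
'ResourceId',
'us-east-1';

-- Read the region's insights back to confirm the new insight's
-- filters and grouping attribute were stored as intended.
SELECT
region,
insight_arn,
name,
filters,
group_by_attribute
FROM aws.securityhub.insights
WHERE region = 'us-east-1';
```

Creating the insight requires securityhub:CreateInsight and reading it back requires securityhub:GetInsights, as listed under Permissions.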
DELETE example
/*+ delete */
DELETE FROM aws.securityhub.insights
WHERE data__Identifier = '<InsightArn>'
AND region = 'us-east-1';
Permissions
To operate on the insights resource, the following permissions are required:
Create
securityhub:CreateInsight
Read
securityhub:GetInsights
Update
securityhub:UpdateInsight
Delete
securityhub:GetInsights,
securityhub:DeleteInsight
List
securityhub:GetInsights