by John Lukach
Out of the box, AWS Security Hub provides an event bus that can collect findings from all regions in all accounts of the organization to a central aggregation point that works slick.
Delegating administration of AWS Security Hub to a dedicated account enables AWS Foundational Security Best Practices security standard.
Additionally, some integrations get enabled by default in each region.
AWS Security Hub pricing counts the number of checks and ingested findings. I could deploy an Amazon Event Bridge option. There is no point in re-inventing the wheel when managing the enabled security standards and integrations makes a cost-effective solution.
import boto3 securityhub = boto3.client('securityhub') paginator = securityhub.get_paginator('get_enabled_standards') pages = paginator.paginate() for page in pages: for subscriptions in page['StandardsSubscriptions']: securityhub.batch_disable_standards( StandardsSubscriptionArns = [ subscriptions['StandardsSubscriptionArn'] ] )
import boto3 securityhub = boto3.client('securityhub') paginator = securityhub.get_paginator('list_enabled_products_for_import') pages = paginator.paginate() for page in pages: for products in page['ProductSubscriptions']: parsed = products.split('/') if parsed != 'access-analyzer' and \ parsed != 'config' and parsed != 'health' and \ parsed != 'inspector' and parsed != 'securityhub': securityhub.disable_import_findings_for_product( ProductSubscriptionArn = products )