Filtering and sorting the list of controls
On the Controls page, you can see a list of your controls. You can filter and sort the list to focus on a specific subset of controls.
-
All enabled (controls that are enabled in at least one enabled standard)
-
Failed (controls with a
Failed
status) -
Unknown (controls with an
Unknown
status) -
Passed (controls with a
Passed
status) -
Disabled (controls that are disabled in all standards)
-
No data (controls with no findings)
-
All (all controls, both enabled and disabled, and without regard to control status or findings count)
For more information about control status, see Compliance status and control status.
If you're using the integration with Amazon Organizations and are logged in to the Amazon Security Hub administrator account, the All enabled tab includes controls that are enabled in at least one member account. If you have set an aggregation Region, the All enabled tab includes controls that are enabled in at least one linked Region.
The Failed tab is displayed by default. On each tab, the controls are by default sorted by severity, from Critical to Low. You can also sort controls by control ID, compliance status, severity, or the number of failed checks. The search bar allows you to search for specific controls.
Tip
If you have automated workflows based on control findings, we recommend using the
SecurityControlId
or SecurityControlArn
ASFF fields as filters, rather than
Title
or Description
. The latter fields can change
occasionally, whereas the control ID and ARN are static identifiers.
Choosing the option next to the control brings up a side panel which displays the standards in which the control is currently enabled. You can also see the standards in which the control is currently disabled. From this panel, you can disable a control by disabling it in all standards. For more information about enabling and disabling controls across standards, see Enabling and disabling controls in all standards. For administrator accounts, the information presented in the side panel reflects all member accounts.
On the Security Hub API, run
to get
back a list of control IDs. Once you have the control IDs you are interested in, run ListSecurityControlDefinitions
to get data
about that subset of controls for the current Amazon Web Services account and Amazon Web Services Region.BatchGetSecurityControls