Security Hub examples using Tools for PowerShell V5 - Amazon Tools for PowerShell (version 5)
Actions
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Version 5 (V5) of the Amazon Tools for PowerShell has been released!

For information about breaking changes and migrating your applications, see the migration topic.

Security Hub examples using Tools for PowerShell V5

The following code examples show you how to perform actions and implement common scenarios by using the Amazon Tools for PowerShell V5 with Security Hub.

Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.

Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.

Topics

Actions

The following code example shows how to use Get-SHUBFinding.

Tools for PowerShell V5

Example 1: This command retrieves Security Hub findings from Amazon EC2; service.

$filter = New-Object -TypeName Amazon.SecurityHub.Model.AwsSecurityFindingFilters
$filter.ResourceType = New-Object -TypeName Amazon.SecurityHub.Model.StringFilter -Property @{
    Comparison = 'PREFIX'
    Value = 'AwsEc2'
}
Get-SHUBFinding -Filter $filter

Example 2: This command retrieves Security Hub findings from Amazon account ID 123456789012.

$filter = New-Object -TypeName Amazon.SecurityHub.Model.AwsSecurityFindingFilters
$filter.AwsAccountId = New-Object -TypeName Amazon.SecurityHub.Model.StringFilter -Property @{
    Comparison = 'EQUALS'
    Value = '123456789012'
}
Get-SHUBFinding -Filter $filter

Example 3: This command retrieves Security Hub findings generated for standard "pci-dss".

$filter = New-Object -TypeName Amazon.SecurityHub.Model.AwsSecurityFindingFilters
$filter.GeneratorId = New-Object -TypeName Amazon.SecurityHub.Model.StringFilter -Property @{
    Comparison = 'PREFIX'
    Value = 'pci-dss'
}
Get-SHUBFinding -Filter $filter

Example 4: This command retrieves Security Hub critical-severity findings that have a workflow status of NOTIFIED.

$filter = New-Object -TypeName Amazon.SecurityHub.Model.AwsSecurityFindingFilters
$filter.SeverityLabel = New-Object -TypeName Amazon.SecurityHub.Model.StringFilter -Property @{
    Comparison = 'EQUALS'
    Value = 'CRITICAL'
}
$filter.WorkflowStatus = New-Object -TypeName Amazon.SecurityHub.Model.StringFilter -Property @{
    Comparison = 'EQUALS'
    Value = 'NOTIFIED'
}
Get-SHUBFinding -Filter $filter

  • For API details, see GetFindings in Amazon Tools for PowerShell Cmdlet Reference (V5).