
@lordjabez
Created June 6, 2025 01:55
Get AWS Security Hub findings
#!/usr/bin/env python3
import csv
import sys
import boto3
# USAGE: ./get-security-findings.py severity1,severity2 findings.csv
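# Both arguments are required; exit with the usage line rather than an IndexError.
if len(sys.argv) != 3:
    sys.exit(f'USAGE: {sys.argv[0]} severity1,severity2 findings.csv')

# Severity labels defined by the AWS Security Finding Format. The SeverityLabel
# filter is an exact match, so a misspelt or space-padded label would most
# likely match nothing and produce an empty report that reads as "no findings".
valid_severities = {'INFORMATIONAL', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'}

# Tolerate "high, critical" and trailing commas by stripping and dropping blanks.
severities = [s.strip() for s in sys.argv[1].split(',') if s.strip()]
unknown_severities = [s for s in severities if s.upper() not in valid_severities]
if not severities or unknown_severities:
    sys.exit(
        'Unknown or missing severity label(s): '
        f"{', '.join(unknown_severities) or '(none given)'}; "
        f"expected any of {', '.join(sorted(valid_severities))}"
    )

findings_filename = sys.argv[2]

# Credentials and region come from the default boto3 resolution chain.
security_hub_client = boto3.client('securityhub')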
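def get_finding(finding):
    """Flatten one Security Hub finding into a CSV row.

    Args:
        finding: A finding dict as returned in the ``Findings`` list of
            ``get_findings``. ``CreatedAt``, ``Title``, ``Severity.Label``
            and ``Resources[].Id`` are read unconditionally;
            ``Vulnerabilities`` is optional.

    Returns:
        A tuple ``(created_at, title, severity, fix_available, resources)``
        where ``severity`` is the label in capitalised form and ``resources``
        is the space-separated list of resource ids.

    Raises:
        KeyError: If one of the unconditionally read fields is missing.
    """
    created_at = finding['CreatedAt']
    title = finding['Title']
    severity = finding['Severity']['Label'].capitalize()
    vulnerabilities = finding.get('Vulnerabilities') or []
    # all() over an empty sequence is True, which would mark every finding
    # without vulnerability data (e.g. configuration checks) as having a fix
    # available. Report a fix only when there is at least one vulnerability and
    # every one of them says 'YES'; a missing FixAvailable key counts as no fix.
    fix_available = bool(vulnerabilities) and all(
        v.get('FixAvailable') == 'YES' for v in vulnerabilities
    )
    resources = ' '.join(r['Id'] for r in finding['Resources'])
    return created_at, title, severity, fix_available, resources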
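# Select active findings that nobody has triaged yet, at the requested
# severities. Several values under one field are alternatives; the fields
# themselves must all match.
# NOTE(review): WorkflowState is the legacy workflow field; Security Hub
# documents WorkflowStatus as its replacement. Confirm this filter still
# selects the findings you expect before relying on the report.
filters = {
    'RecordState': [{'Comparison': 'EQUALS', 'Value': 'ACTIVE'}],
    'WorkflowState': [{'Comparison': 'EQUALS', 'Value': 'NEW'}],
    'SeverityLabel': [{'Comparison': 'EQUALS', 'Value': s.upper()} for s in severities],
}

# Most severe first, oldest first within a severity.
sort_criteria = [
    {'Field': 'SeverityNormalized', 'SortOrder': 'desc'},
    {'Field': 'CreatedAt', 'SortOrder': 'asc'},
]

# The paginator follows NextToken, so every page of results is consumed.
findings_paginator = security_hub_client.get_paginator('get_findings')
findings_pages = findings_paginator.paginate(Filters=filters, SortCriteria=sort_criteria)

# Generators keep memory flat: rows are produced as the CSV writer pulls them.
findings = (f for fp in findings_pages for f in fp['Findings'])
findings = (get_finding(f) for f in findings)

# newline='' is what the csv module expects (otherwise rows gain a blank line
# on Windows); an explicit encoding keeps non-ASCII titles from failing on
# platforms whose default codec is not UTF-8.
# The report lists resource identifiers and open findings, so treat the output
# file as sensitive. Titles and resource ids are written verbatim; if the file
# will be opened in a spreadsheet, consider neutralising cells that start with
# '=', '+', '-' or '@'.
with open(findings_filename, 'w', newline='', encoding='utf-8') as findings_file:
    writer = csv.writer(findings_file)
    writer.writerow(('created_at', 'title', 'severity', 'fix_available', 'resources'))
    writer.writerows(findings)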