Anthropic-Cybersecurity-Skills/skills/implementing-aws-security-hub/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

# API Reference: Implementing AWS Security Hub
## Libraries
### boto3 -- AWS Security Hub
- **Install**: `pip install boto3`
- **Docs**: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/securityhub.html
### Key Methods
| Method | Description |
|--------|-------------|
| `enable_security_hub()` | Activate Security Hub in an account |
| `batch_enable_standards()` | Enable compliance standards (CIS, FSBP, PCI) |
| `get_enabled_standards()` | List enabled standards and their status |
| `get_findings()` | Retrieve security findings with filters |
| `batch_update_findings()` | Update finding status (resolve, suppress) |
| `batch_import_findings()` | Import custom findings in ASFF format |
| `create_insight()` | Create custom aggregation insight |
| `create_finding_aggregator()` | Enable cross-region finding aggregation |
| `enable_organization_admin_account()` | Designate delegated admin |
| `update_organization_configuration()` | Auto-enable for org members |
| `create_action_target()` | Create custom remediation action |
## Standard ARNs
| Standard | ARN Pattern |
|----------|------------|
| CIS v5.0 | `arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/5.0.0` |
| FSBP v1.0 | `arn:aws:securityhub:{region}::standards/aws-foundational-security-best-practices/v/1.0.0` |
| PCI DSS 3.2.1 | `arn:aws:securityhub:{region}::standards/pci-dss/v/3.2.1` |
| NIST 800-53 r5 | `arn:aws:securityhub:{region}::standards/nist-800-53/v/5.0.0` |
## ASFF Finding Format (Key Fields)
- `SchemaVersion`: `"2018-10-08"`
- `Id`: Unique finding identifier
- `ProductArn`: Source product ARN
- `Severity.Label`: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL
- `Compliance.Status`: PASSED, FAILED, WARNING, NOT_AVAILABLE
- `Resources[]`: Affected AWS resources
- `Workflow.Status`: NEW, NOTIFIED, RESOLVED, SUPPRESSED
## EventBridge Integration
- Source: `aws.securityhub`
- Detail type: `Security Hub Findings - Imported`
- Filter by: `Severity.Label`, `Compliance.Status`, `GeneratorId`
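
The EventBridge fields above combine into a rule pattern like the one below. This is an added example, not code from this repository: the chosen filter values, the `Workflow.Status` filter, the rule name and the sample event are assumptions, and `matches` is a simplified local stand-in for EventBridge's exact-value matching so the pattern can be checked before deployment.

```python
import json

# Pattern built from the source, detail type and filter fields listed above.
# The severity/compliance/workflow values chosen here are assumptions for the example.
PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {
        "Severity": {"Label": ["CRITICAL", "HIGH"]},
        "Compliance": {"Status": ["FAILED"]},
        "Workflow": {"Status": ["NEW"]},
    }},
}

def matches(pattern, event):
    """Simplified exact-value matcher (no prefix, numeric or anything-but operators)."""
    for key, want in pattern.items():
        have = event.get(key) if isinstance(event, dict) else None
        if isinstance(want, dict):
            # An array of objects matches when one element satisfies the whole sub-pattern.
            candidates = have if isinstance(have, list) else [have]
            if not any(isinstance(c, dict) and matches(want, c) for c in candidates):
                return False
        else:
            values = have if isinstance(have, list) else [have]
            if not any(v in want for v in values):
                return False
    return True

def sample_event(label, compliance, workflow="NEW"):
    """Constructed sample event; the Id and GeneratorId values are placeholders."""
    return {
        "source": "aws.securityhub",
        "detail-type": "Security Hub Findings - Imported",
        "detail": {"findings": [{
            "SchemaVersion": "2018-10-08",
            "Id": "example-finding-id",
            "GeneratorId": "example-generator",
            "Severity": {"Label": label},
            "Compliance": {"Status": compliance},
            "Workflow": {"Status": workflow},
        }]},
    }

def create_rule(name="securityhub-high-failed"):  # hypothetical rule name
    import boto3  # imported here so the matcher above runs without AWS access
    return boto3.client("events").put_rule(Name=name, EventPattern=json.dumps(PATTERN))
```

Filtering on `Workflow.Status` of `NEW` keeps findings that were already suppressed or resolved from re-triggering the rule's targets.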
## External References
- Security Hub User Guide: https://docs.aws.amazon.com/securityhub/latest/userguide/
- ASFF Syntax: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html
- Security Hub Controls: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html