Anthropic-Cybersecurity-Skills/skills/implementing-aws-security-hub-compliance/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00


# API Reference: Implementing AWS Security Hub Compliance
## Libraries
### boto3 -- Security Hub + S3 Remediation
- **Install**: `pip install boto3`
- **Docs**: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/securityhub.html
### Key Security Hub Methods
| Method | Description |
|--------|-------------|
| `enable_security_hub()` | Enable Security Hub with standards |
| `batch_enable_standards()` | Enable CIS, FSBP, PCI DSS, NIST |
| `get_findings()` | Query findings with compliance filters |
| `batch_update_findings()` | Update workflow status and add notes |
| `create_insight()` | Custom compliance aggregation views |
| `create_finding_aggregator()` | Cross-region consolidation |
| `enable_organization_admin_account()` | Org-wide admin delegation |
| `update_organization_configuration()` | Auto-enable for new accounts |
### Key S3 Remediation Methods
| Method | Description |
|--------|-------------|
| `put_public_access_block()` | Block all public access on bucket |
| `get_bucket_encryption()` | Check encryption configuration |
| `put_bucket_encryption()` | Enable default SSE-S3 or SSE-KMS |
## Finding Filters
| Filter Field | Values |
|-------------|--------|
| `ComplianceStatus` | PASSED, FAILED, WARNING, NOT_AVAILABLE |
| `SeverityLabel` | CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL |
| `WorkflowStatus` | NEW, NOTIFIED, RESOLVED, SUPPRESSED |
| `RecordState` | ACTIVE, ARCHIVED |
| `GeneratorId` | Standard-specific prefix for filtering |
## Compliance Standards
| Standard | Generator ID Prefix |
|----------|-------------------|
| AWS FSBP | `aws-foundational-security-best-practices` |
| CIS AWS | `cis-aws-foundations-benchmark` |
| PCI DSS | `pci-dss` |
| NIST 800-53 | `nist-800-53` |
## EventBridge Auto-Remediation Pattern
- Source: `aws.securityhub`
- Detail type: `Security Hub Findings - Imported`
- Target: Lambda function for automated fix
- Best practice: Only auto-remediate safe controls (S3 public access, encryption)
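
An added example (not taken from the skill's own `scripts/agent.py`) of the Lambda target in this pattern: it acts only on findings that are ACTIVE, FAILED, still NEW and on an allowlisted control, applies the S3 public access block, and records the action with `batch_update_findings()`. The allowlist entry `S3.8`, the note text and the `UpdatedBy` value are assumptions; the boto3 clients are passed in as parameters so the logic can be exercised without AWS access.

```python
"""Lambda target for EventBridge 'Security Hub Findings - Imported' events."""

# Assumption: allowlist keyed on ASFF Compliance.SecurityControlId; confirm the
# IDs against the standards enabled in your account before deploying.
SAFE_CONTROLS = {"S3.8"}  # bucket-level block public access
BLOCK_ALL = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
             "BlockPublicPolicy": True, "RestrictPublicBuckets": True}


def eligible(finding):
    """True only for active, failed, untriaged findings on allowlisted controls."""
    compliance = finding.get("Compliance", {})
    return (finding.get("RecordState") == "ACTIVE"
            and finding.get("Workflow", {}).get("Status") == "NEW"
            and compliance.get("Status") == "FAILED"
            and compliance.get("SecurityControlId") in SAFE_CONTROLS)


def bucket_names(finding):
    """Bucket names from AwsS3Bucket resources (ARN form arn:<partition>:s3:::name)."""
    return [r["Id"].split(":::", 1)[1] for r in finding.get("Resources", [])
            if r.get("Type") == "AwsS3Bucket" and ":::" in r.get("Id", "")]


def remediate(event, s3, securityhub):
    """Apply the public access block and annotate each eligible finding."""
    fixed = []
    if event.get("source") != "aws.securityhub":
        return fixed  # ignore events from any other source
    for finding in event.get("detail", {}).get("findings", []):
        buckets = bucket_names(finding) if eligible(finding) else []
        for bucket in buckets:
            s3.put_public_access_block(
                Bucket=bucket, PublicAccessBlockConfiguration=BLOCK_ALL)
            fixed.append(bucket)
        if buckets:  # only annotate findings that were actually changed
            securityhub.batch_update_findings(
                FindingIdentifiers=[{"Id": finding["Id"],
                                     "ProductArn": finding["ProductArn"]}],
                Workflow={"Status": "NOTIFIED"},
                Note={"Text": "Public access block applied by auto-remediation",
                      "UpdatedBy": "auto-remediation-lambda"})
    return fixed


def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be tested offline
    return remediate(event, boto3.client("s3"), boto3.client("securityhub"))
```
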
## External References
- Security Hub Compliance: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards.html
- ASFF Reference: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html
- Auto-Remediation Patterns: https://aws.amazon.com/blogs/security/automated-response-and-remediation-with-aws-security-hub/