
Security Hub

Radzhiv Apasov August 16, 2023

Hello all, I want to extract specific information from the Resources array in AWS Security Hub findings and use this information to create more detailed alerts in Opsgenie. I want to include details like the resource type, region, ID, or Details. I know that I can use get(int index), something like Findings.get(0), but what if I want to get the resources in the findings and the ID or details of those resources?

1 answer

2 votes
Andy Heinzer
Atlassian Team
August 18, 2023

Hi @Radzhiv Apasov 

I found there is a feature request that I think matches your description over in OPSGENIE-734. The workaround on that issue suggests that regular expressions can be used for customizing and filtering alerts. However, in the current state, I don't believe there is a clear way to include that data.

Radzhiv Apasov August 22, 2023

Hello @Andy Heinzer, thank you for your help. I tried

{{_parsedData.findings.substringBetween("Resources=[{","}]") }}

and I got "Partition=aws, Type=AwsRdsDbCluster, Details={AwsRdsDbCluster={StorageEncrypted=true, ClusterCreateTime=2023-08-22T12:53:42.289Z, ActivityStreamStatus=stopped, HttpEndpointEnabled=false, EngineMode=provisioned, Port=5432, DbClusterResourceId=cluster-fjfjfgfjgfjgf, VpcSecurityGroups=[{Status=active, VpcSecurityGroupId=sg-087086795565858"

So very close. Do you know if there is any other way to get this as regular text, not JSON? I actually need only the Id within findings-->Resources, or actually the info I provided, but not in JSON.
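An added example, not part of the thread and not an Opsgenie feature: one way to get the Resources entries as plain text is to flatten them in a pre-processing step before the finding reaches the alerting tool. That step, the function names, and the sample finding (constructed, in AWS Security Finding Format shape) are all assumptions.

```python
import json

# Constructed sample in AWS Security Finding Format (ASFF) shape; every value is made up.
SAMPLE_FINDING = json.loads("""
{
  "Id": "example-finding-id",
  "Resources": [{
    "Partition": "aws",
    "Type": "AwsRdsDbCluster",
    "Region": "us-east-1",
    "Id": "arn:aws:rds:us-east-1:111122223333:cluster:example-cluster",
    "Details": {"AwsRdsDbCluster": {
      "StorageEncrypted": true,
      "Port": 5432,
      "VpcSecurityGroups": [{"Status": "active", "VpcSecurityGroupId": "sg-0example"}]
    }}
  }]
}
""")


def flatten(value, prefix=""):
    """Yield (dotted.path, scalar) pairs from nested dicts and lists."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from flatten(child, f"{prefix}.{key}" if prefix else key)
    elif isinstance(value, list):
        for index, child in enumerate(value):
            yield from flatten(child, f"{prefix}[{index}]")
    else:
        yield prefix, value


def resource_lines(finding):
    """Return one plain-text block per resource: Type, Region, Id, then flattened Details."""
    blocks = []
    for resource in finding.get("Resources", []):
        lines = [f"{k}: {resource.get(k, 'n/a')}" for k in ("Type", "Region", "Id")]
        lines += [f"{path}: {val}" for path, val in flatten(resource.get("Details", {}))]
        blocks.append("\n".join(lines))
    return blocks


if __name__ == "__main__":
    print("\n\n".join(resource_lines(SAMPLE_FINDING)))
```

Each block can be placed in an alert description as is; a finding with several resources yields one block per resource.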
