SecurityConfig / CentralSecurityServicesConfig / SecurityHubConfig

AWS Security Hub configuration (https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html)

Use this configuration to enable Amazon Security Hub for an AWS Organization along with its auditing configuration.

Example

securityHub:
  enable: true
  regionAggregation: true
  excludeRegions: []
  standards:
    - name: AWS Foundational Security Best Practices v1.0.0
      deploymentTargets:
        organizationalUnits:
          - Root
      enable: true
      controlsToDisable:
        - IAM.1
        - EC2.10

Hierarchy

  • SecurityHubConfig

Properties

enable: false = false

Indicates whether AWS Security Hub is enabled.

excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "eu-central-2" | "ap-south-2" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4")[] = []

(OPTIONAL) List of AWS Region names to be excluded from configuring Security Hub.

notificationLevel: undefined = undefined

(OPTIONAL) Security Hub notification level.

Remarks

Note: Accepted values are CRITICAL, HIGH, MEDIUM, LOW, and INFORMATIONAL.

Notifications will be sent for events at the level provided and above. For example, if you specify the HIGH level, notifications will be sent for HIGH and CRITICAL.

regionAggregation: false = false

(OPTIONAL) Indicates whether Security Hub results are aggregated in the Home Region.

snsTopicName: undefined = undefined

(OPTIONAL) SNS Topic for Security Hub notifications.

Remarks

Note: The topic must exist in the global config.

standards: SecurityHubStandardConfig[] = []

Security Hub standards configuration.
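
The notificationLevel threshold and the snsTopicName constraint described above can be checked before deployment, together with the coverage gaps that excludeRegions and controlsToDisable introduce. The following is an added example, not code from the project this page documents. The function names, the globalTopics argument (topic names taken from the global config) and the topic names in the sample are assumptions.

```typescript
// Added example. Field names follow the properties documented on this page;
// function names and the globalTopics argument are assumptions.
const LEVELS = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"];

interface StandardCfg { name: string; enable: boolean; controlsToDisable?: string[] }
interface SecurityHubCfg {
  enable: boolean; regionAggregation?: boolean; excludeRegions?: string[];
  notificationLevel?: string; snsTopicName?: string; standards?: StandardCfg[];
}

// Severities that notify: the configured level and everything above it.
function notifiedSeverities(level: string): string[] {
  const i = LEVELS.indexOf(level);
  if (i < 0) throw new Error("invalid notificationLevel: " + level);
  return LEVELS.slice(i);
}

// Returns review findings for a securityHub block; empty means nothing to flag.
function reviewSecurityHub(cfg: SecurityHubCfg, globalTopics: string[]): string[] {
  if (!cfg.enable) return ["Security Hub is not enabled"];
  const out: string[] = [];
  const level = cfg.notificationLevel;
  if (level !== undefined && LEVELS.indexOf(level) < 0) {
    out.push("notificationLevel is not an accepted value: " + level);
  } else if (level !== undefined) {
    const silent = LEVELS.slice(0, LEVELS.indexOf(level));
    if (silent.length) out.push("no notification for: " + silent.join(", "));
  }
  if (cfg.snsTopicName !== undefined && globalTopics.indexOf(cfg.snsTopicName) < 0)
    out.push("snsTopicName not defined in the global config: " + cfg.snsTopicName);
  if (cfg.excludeRegions && cfg.excludeRegions.length)
    out.push("regions excluded from Security Hub configuration: " + cfg.excludeRegions.join(", "));
  if (!cfg.regionAggregation) out.push("findings are not aggregated in the Home Region");
  for (const s of cfg.standards || []) {
    if (s.enable && s.controlsToDisable && s.controlsToDisable.length)
      out.push("controls disabled in " + s.name + ": " + s.controlsToDisable.join(", "));
  }
  return out;
}

// Constructed sample: the page's example plus notification settings and one excluded region.
const sample: SecurityHubCfg = {
  enable: true, regionAggregation: true, excludeRegions: ["ap-east-1"],
  notificationLevel: "HIGH", snsTopicName: "SecurityAlerts",
  standards: [{ name: "AWS Foundational Security Best Practices v1.0.0", enable: true,
                controlsToDisable: ["IAM.1", "EC2.10"] }],
};
const sampleFindings = reviewSecurityHub(sample, ["OpsAlerts"]);
```
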
