Reviewing details for attack sequence findings - AWS Security Hub

Reviewing details for attack sequence findings

Note

Security Hub is in preview release and is subject to change.

This topic describes how to review details about attack sequence findings in the Security Hub console and with the API.

Reviewing details for attack sequences in the Security Hub console

The following describes how to review details for attack sequences in the Security Hub console:

To review attack sequence findings in the console
  1. Sign in using your credentials, and open the Security Hub console at https://console.aws.amazon.com/securityhub/v2/home?region=us-east-1.

  2. From the navigation pane, choose Threats.

  3. From the list of attack sequence findings, choose the attack sequence finding you want to view details for.

Reviewing details for attack sequence findings with the API

You can review attack sequence findings with the GetFindingsV2 API or the AWS CLI. To return only attack sequence findings, filter results with the FindingProviderFields parameter and provide a filter value of TTPs/AttackSequence. You can also filter by other fields to narrow down the results.

Example command

The following is an AWS CLI example that retrieves the 10 most recently generated attack sequence findings in your account. The example is formatted for Linux, macOS, and Unix, and the backslash character (\) is used to improve readability.

$ aws securityhub get-findings-v2 \
    --filters '{"FindingProviderFieldsTypes":[{"Value": "TTPs/AttackSequence","Comparison":"PREFIX"}]}' \
    --sort-criteria '{ "Field": "LastObservedAt", "SortOrder": "desc"}' \
    --max-items 10