Filtering and sorting controls in Security Hub - AWS Security Hub

Filtering and sorting controls in Security Hub

On the Controls page of the AWS Security Hub console, you can see a list of all supported controls. You can also filter and sort the list to focus on a specific subset of controls.

The Filter by options next to the list of controls let you quickly focus on these specific subsets:

  • All enabled controls (controls that are enabled in at least one enabled standard)

  • All disabled controls (controls that are disabled in all standards)

  • For enabled controls, those with a specific control status (Failed, Passed, Unknown, or No data). No data controls are those with no findings. For more information about control status, see Evaluating compliance status and control status in Security Hub.

In addition to the Filter by options, you can filter the controls list by entering filters in the Filter controls search box. For example, you can filter by control ID or severity.

Tip

If you have automated workflows based on control findings, we recommend using the SecurityControlId or SecurityControlArn ASFF fields as filters, rather than Title or Description. The latter fields can change occasionally, whereas the control ID and ARN are static identifiers.

If you're signed in to a Security Hub administrator account, Enabled controls include those that are enabled in at least one member account. If you have set an aggregation Region, Enabled controls include those that are enabled in at least one linked Region.

By default, the controls with Failed status are listed first, sorted by decreasing severity. You can change the default sorting by choosing a different option in the column headers.

Choosing the option next to the control brings up a side panel which displays the standards in which the control is currently enabled. You can also see the standards in which the control is currently disabled. From this panel, you can disable a control by disabling it in all standards. For instructions on enabling and disabling controls across standards, see Enabling controls in Security Hub. For administrator accounts, the information presented in the side panel reflects all member accounts.

In the Security Hub API, use the ListSecurityControlDefinitions operation to retrieve a list of control IDs. After you have the relevant control IDs, use the BatchGetSecurityControls operation to get data about that subset of controls in the current AWS account and AWS Region.
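The two-step API lookup described above, as an added Python (boto3) example that is not AWS's own code: it pages through ListSecurityControlDefinitions, keeps the high and critical severity control IDs, then calls BatchGetSecurityControls in batches and reports which of those controls are disabled in the current account and Region. The function names, the severity selection, and the `BATCH_SIZE` value are assumptions made for this example; results are keyed on `SecurityControlId`, the static identifier the tip recommends.

```python
BATCH_SIZE = 100  # assumption: IDs sent per BatchGetSecurityControls call


def list_control_ids(client, severities=None):
    """Page through ListSecurityControlDefinitions and return control IDs,
    optionally keeping only the given SeverityRating values."""
    ids, token = [], None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = client.list_security_control_definitions(**kwargs)
        for definition in page["SecurityControlDefinitions"]:
            if severities is None or definition["SeverityRating"] in severities:
                ids.append(definition["SecurityControlId"])
        token = page.get("NextToken")
        if not token:
            return ids


def get_controls(client, control_ids, batch_size=BATCH_SIZE):
    """Call BatchGetSecurityControls in chunks. Returns (controls keyed by
    SecurityControlId, list of UnprocessedIds entries)."""
    controls, unprocessed = {}, []
    for start in range(0, len(control_ids), batch_size):
        chunk = control_ids[start:start + batch_size]
        resp = client.batch_get_security_controls(SecurityControlIds=chunk)
        for control in resp.get("SecurityControls", []):
            controls[control["SecurityControlId"]] = control
        # Never drop these silently: an unprocessed ID has unknown status.
        unprocessed.extend(resp.get("UnprocessedIds", []))
    return controls, unprocessed


def disabled_high_severity(client):
    """Return (sorted IDs of HIGH/CRITICAL controls that are DISABLED,
    unprocessed entries) for the client's account and Region."""
    ids = list_control_ids(client, severities={"HIGH", "CRITICAL"})
    controls, unprocessed = get_controls(client, ids)
    disabled = sorted(cid for cid, control in controls.items()
                      if control["SecurityControlStatus"] == "DISABLED")
    return disabled, unprocessed


if __name__ == "__main__":
    import boto3  # needs credentials and a default Region configured

    disabled, unprocessed = disabled_high_severity(boto3.client("securityhub"))
    print("Disabled HIGH/CRITICAL controls:", ", ".join(disabled) or "none")
    for entry in unprocessed:
        print("Unprocessed:", entry["SecurityControlId"], entry.get("ErrorCode"))
```
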