Data retrieval APIs for AWS Security Hub
AWS Security Hub provides the following APIs for data retrieval.
Actions | Description | Access level |
---|---|---|
BatchGetAutomationRules | Retrieve a list of details for automation rules from Security Hub based on rule Amazon Resource Names (ARNs) | Read |
BatchGetConfigurationPolicyAssociations | Retrieve information about configuration policies associated with a specific list of member accounts and organizational units of the calling account's organization | Read |
BatchGetControlEvaluations | Get the enablement and compliance status of controls, the findings count for controls, and the overall security score for controls on the Security Hub console | Read |
BatchGetSecurityControls | Get details about specific security controls identified by ID or ARN | Read |
BatchGetStandardsControlAssociations | Get the enablement status of a batch of security controls in standards | Read |
DescribeActionTargets | Retrieve a list of custom actions using the API | Read |
DescribeHub | Retrieve information about the hub resource in your account | Read |
DescribeOrganizationConfiguration | Describe the organization configuration for Security Hub | Read |
DescribeProducts | Retrieve information about the available Security Hub product integrations | Read |
DescribeProductsV2 | Retrieve information about the available Security Hub V2 product integrations | Read |
DescribeSecurityHubV2 | Retrieve information about the hub V2 resource in your account | Read |
DescribeStandards | Retrieve information about Security Hub standards | Read |
DescribeStandardsControls | Retrieve information about Security Hub standards controls | Read |
GetAdhocInsightResults | Retrieve aggregated statistical data about the findings | Read |
GetAdministratorAccount | Retrieve details about the Security Hub administrator account | Read |
GetAggregatorV2 | Retrieve details for an aggregatorV2, which configures data aggregation across Regions | Read |
GetAutomationRuleV2 | Retrieve details for an automation rule V2 from Security Hub based on rule Amazon Resource Name (ARN) | Read |
GetConfigurationPolicy | Get a complete overview of one configuration policy created by the calling account | Read |
GetConfigurationPolicyAssociation | Retrieve information about a configuration policy associated with a member account or organizational unit of the calling account's organization | Read |
GetConnectorV2 | Retrieve details for a connector V2 from Security Hub based on connector id | Read |
GetControlFindingSummary | Retrieve a security score and counts of finding and control statuses for a security standard | Read |
GetEnabledStandards | Retrieve a list of the standards that are enabled in Security Hub | List |
GetFindingAggregator | Retrieve details for a finding aggregator, which configures finding aggregation across Regions | Read |
GetFindingHistory | Retrieve a list of finding history from Security Hub | Read |
GetFindings | Retrieve a list of findings from Security Hub | Read |
GetFreeTrialEndDate | Retrieve the end date for an account's free trial of Security Hub | Read |
GetFreeTrialUsage | Retrieve information about Security Hub usage during the free trial period | Read |
GetInsightFindingTrend | Retrieve an insight finding trend from Security Hub in order to generate a graph | Read |
GetInsightResults | Retrieve insight results from Security Hub | Read |
GetInsights | Retrieve Security Hub insights | List |
GetInvitationsCount | Retrieve the count of Security Hub membership invitations sent to the account | Read |
GetMasterAccount | Retrieve details about the Security Hub master account | Read |
GetMembers | Retrieve the details of Security Hub member accounts | Read |
GetResourcesStatisticsV2 | Retrieve aggregate statistics about resources | Read |
GetResourcesV2 | Retrieve a list of resources | Read |
GetSecurityControlDefinition | Get the definition details of a specific security control identified by ID | Read |
GetUsage | Retrieve information about Security Hub usage by accounts | Read |
ListAggregatorsV2 | Retrieve a list of aggregatorsV2, which configures data aggregation across Regions | List |
ListAutomationRules | Retrieve a list of automation rules and their metadata for the calling account from Security Hub | List |
ListAutomationRulesV2 | Retrieve a list of automation rules V2 and their metadata for the calling account from Security Hub | List |
ListConfigurationPolicies | List the summaries of all configuration policies created by the calling account | List |
ListConfigurationPolicyAssociations | Retrieve information about all configuration policies associationed with all member accounts and organizational units of the calling account's organization | List |
ListConnectorsV2 | Retrieve a list of connectors V2 and their metadata for the calling account from Security Hub | List |
ListControlEvaluationSummaries | Retrieve a list of controls for a standard, including the control IDs, statuses and finding counts | Read |
ListEnabledProductsForImport | Retrieve the Security Hub integrated products that are currently enabled | List |
ListFindingAggregators | Retrieve a list of finding aggregators, which contain the cross-Region finding aggregation configuration | List |
ListInvitations | Retrieve the Security Hub invitations sent to the account | List |
ListMembers | Retrieve details about Security Hub member accounts associated with the administrator account | List |
ListOrganizationAdminAccounts | List the Security Hub administrator accounts for your organization | List |
ListSecurityControlDefinitions | Retrieve a list of security control definitions, which contain details for security controls in the current region | List |
ListStandardsControlAssociations | List the enablement status of a security control in standards | List |
ListTagsForResource | List of tags associated with a resource | Read |
SendFindingEvents | Use a custom action to send Security Hub findings to Amazon EventBridge | Read |
SendInsightEvents | Use a custom action to send Security Hub insights to Amazon EventBridge | Read |