Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings
Discussion options

advissor
Jul 11, 2022

Hi,

In AWS Console, in Security Hub it is possible to see the overall status of the Standard & as well Download the Report
With Overall status ( based on all resource checks for a specific control)

https://docs.aws.amazon.com/securityhub/latest/userguide/control-finding-list.html

Via CLI or API I don't see such a possibility

Seems, it always returns a list of individual findings and their compliance status
But, but not the aggregated report that AWS provides

get-findings call is the List of Findings and Compliance.Status for every Status
describe-controls -> has no compliance status...just descriptions

https://docs.aws.amazon.com/securityhub/latest/userguide/controls-overall-status.html

Based on some reverse engineering , they use "internalAPI.listControlEvaluationSummaries" in their FE aws beta js sdk
Any ideas how to achieve it?
You must be logged in to vote
Answered by aBurmeseDev Jul 11, 2022

Hi @advissor, thanks for reaching out.
For viewing “the overall status of the standard”, I’d recommend to try describe-standards-controls as mentioned here.
Also, you could download the output to a json file from the command line using --output json. Please refer to the doc here and let me know if that helps.

View full answer

Replies: 2 comments · 4 replies

Comment options

aBurmeseDev
Jul 11, 2022

Hi @advissor, thanks for reaching out.
For viewing “the overall status of the standard”, I’d recommend to try describe-standards-controls as mentioned here.
Also, you could download the output to a json file from the command line using --output json. Please refer to the doc here and let me know if that helps.
You must be logged in to vote
4 replies
@advissor
Comment options

advissor Jul 12, 2022
Author

@aBurmeseDev but that is not an "overall" controls report
It just says metadata and if it is enabled & its severity

I need that report that is available for Download via AWS Console
Which contains overall status of standard + controls + passed/failed checks

describe-standards-controls doesn't have any compliance status and no info on checks
@aBurmeseDev
Comment options

aBurmeseDev Jul 12, 2022

Thanks for the clarification. I reached out to SecurityHub team regarding this request and will post an update when I hear back.
P67773782
@aBurmeseDev
Comment options

aBurmeseDev Jul 14, 2022

Hi @advissor, the service team provided an update that they have an existing backlog item for this as feature request. I will post here when I hear any more updates and feel free to check back in for updates!
@kymcharlesworth-srg
Comment options

kymcharlesworth-srg May 16, 2025

Don't hold your breath. To be blunt, Security Hub was flaky four yours ago and hasn't improved since. The 'backlog' never moves and that tells me the Security Hub service team has very few people in it.
Answer selected by tim-finnigan
Comment options

jcallen-tsb
Jan 11, 2024

@aBurmeseDev , I have the same need. This appears to have been on the backlog for 18 months. Any update?
You must be logged in to vote
0 replies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
🙏
Q&A
Labels
None yet
4 participants
@advissor @aBurmeseDev @jcallen-tsb @kymcharlesworth-srg
Morty Proxy This is a proxified and sanitized view of the page, visit original site.