Security Hub Hub

Security Hub Hub in AWS provides details about the current Security Hub configuration for an account. It returns information such as the hub’s ARN, creation time, and whether the hub is enabled. This resource helps you understand the status of Security Hub, which centralizes and prioritizes security findings across AWS services and partner tools.

aws.securityhub_hub

Fields

TitleIDTypeData TypeDescription
_keycorestring
account_idcorestring
auto_enable_controlscoreboolWhether to automatically enable new controls when they are added to standards that are enabled. If set to true, then new controls for enabled standards are enabled automatically. If set to false, then new controls are not enabled. When you automatically enable new controls, you can interact with the controls in the console and programmatically immediately after release. However, automatically enabled controls have a temporary default status of DISABLED. It can take up to several days for Security Hub to process the control release and designate the control as ENABLED in your account. During the processing period, you can manually enable or disable a control, and Security Hub will maintain that designation regardless of whether you have AutoEnableControls set to true.
control_finding_generatorcorestringSpecifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards. The value for this field in a member account matches the value in the administrator account. For accounts that aren't part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub on or after February 23, 2023.
hub_arncorestringThe ARN of the Hub resource that was retrieved.
subscribed_atcorestringThe date and time when Security Hub was enabled in the account.
tagscorehstore