Skip to content

An AWS Security Hub Custom Findings provider, using the Have I Been Pwned API

License

Notifications You must be signed in to change notification settings

KablamoOSS/Security-Hub-Custom-Provider-Demo

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Security Hub Custom Provider

This project shows you how you can integrate with AWS Security Hub to provide your own custom findings. In this example, we periodically check the Troy Hunt's Have I Been Pwned API and report findings whenever a breach is added.

Screenshot

Installation

To deploy the Have I Been Pwned Custom Provider you require the following prerequisites:

You should first modify the email_addresses variable in the src/index.py file to match the e-mail addresses you wish to monitor.

There is an included deploy.sh script that will create a new S3 bucket for the deployment artifacts, compile the SAM template and deploy to your account. You can modify this script if you have an existing bucket for your artifacts.

Usage

The Lambda will be executed every 24 hours (you can change this frequency in the CloudFormation template) which will call the Have I Been Pwned API for every e-mail address listed and if new breaches are discovered, it will add a finding in the AWS Security Hub console.

About

An AWS Security Hub Custom Findings provider, using the Have I Been Pwned API

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 89.5%
  • Shell 10.5%