SecurityHub検出結果CSV出力用コマンド

• 初回検出日が30日以内、かつ重要度がCRITICALまたはHIGHでACTIVEなのSecurityHub検出結果を検索し、CSV出力するワンライナー

DATE=$(date --date="-30 days" +%Y-%m-%d);aws securityhub get-findings --filters '{"SeverityLabel":[{"Value": "CRITICAL","Comparison":"EQUALS"},{"Value":"HIGH","Comparison":"EQUALS"}],"RecordState": [{"Value": "ACTIVE","Comparison":"EQUALS"}]}' --query "Findings[?FirstObservedAt>=\`$DATE\`]" | jq -r '.[] | [.ProductName, .Region, .GeneratorId, .AwsAccountId, .Compliance.Status, .Severity.Label, .Resources[0].Region, .Resources[0].Id, .UpdatedAt, .Title, .Description] | @csv' > securityhub-findings.csv