Resource: aws_securityhub_insight

Provides a Security Hub custom insight resource. See the Managing custom insights section of the AWS User Guide for more information.

Example Usage

Filter by AWS account ID

resource "aws_securityhub_account" "example" {}

resource "aws_securityhub_insight" "example" {
  filters {
    aws_account_id {
      comparison = "EQUALS"
      value      = "1234567890"
    }

    aws_account_id {
      comparison = "EQUALS"
      value      = "09876543210"
    }
  }

  group_by_attribute = "AwsAccountId"

  name = "example-insight"

  depends_on = [aws_securityhub_account.example]
}

Filter by date range

resource "aws_securityhub_account" "example" {}

resource "aws_securityhub_insight" "example" {
  filters {
    created_at {
      date_range {
        unit  = "DAYS"
        value = 5
      }
    }
  }

  group_by_attribute = "CreatedAt"

  name = "example-insight"

  depends_on = [aws_securityhub_account.example]
}

Filter by destination IPv4 address

resource "aws_securityhub_account" "example" {}

resource "aws_securityhub_insight" "example" {
  filters {
    network_destination_ipv4 {
      cidr = "10.0.0.0/16"
    }
  }

  group_by_attribute = "NetworkDestinationIpV4"

  name = "example-insight"

  depends_on = [aws_securityhub_account.example]
}

Filter by finding's confidence

resource "aws_securityhub_account" "example" {}

resource "aws_securityhub_insight" "example" {
  filters {
    confidence {
      gte = "80"
    }
  }

  group_by_attribute = "Confidence"

  name = "example-insight"

  depends_on = [aws_securityhub_account.example]
}

Filter by resource tags

resource "aws_securityhub_account" "example" {}

resource "aws_securityhub_insight" "example" {
  filters {
    resource_tags {
      comparison = "EQUALS"
      key        = "Environment"
      value      = "Production"
    }
  }

  group_by_attribute = "ResourceTags"

  name = "example-insight"

  depends_on = [aws_securityhub_account.example]
}

Argument Reference

The following arguments are required:

filters

The filters configuration block supports the following arguments:

Date Filter Argument reference

The date filter configuration block supports the following arguments:

date_range Argument reference

The date_range configuration block supports the following arguments:

Ip Filter Argument Reference

The Ip filter configuration block supports the following arguments:

Keyword Filter Argument Reference

The keyword filter configuration block supports the following arguments:

Map Filter Argument reference

The map filter configuration block supports the following arguments:

Number Filter Argument reference

The number filter configuration block supports the following arguments:

String Filter Argument reference

The string filter configuration block supports the following arguments:

Workflow Status Filter Argument reference

The workflow status filter configuration block supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import Security Hub insights using the ARN. For example:

import {
  to = aws_securityhub_insight.example
  id = "arn:aws:securityhub:us-west-2:1234567890:insight/1234567890/custom/91299ed7-abd0-4e44-a858-d0b15e37141a"
}

Using terraform import, import Security Hub insights using the ARN. For example:

% terraform import aws_securityhub_insight.example arn:aws:securityhub:us-west-2:1234567890:insight/1234567890/custom/91299ed7-abd0-4e44-a858-d0b15e37141a