Security Hub S3 Export

Export all Security Hub findings to S3

AWS Security Hub allows security teams to centralize most of the findings from AWS services, but it does not provide a native feature to export them to an S3 bucket, as CloudTrail or GuardDuty do. I’m surprised by this lack of native export. AWS already shares several solutions to export them to a CSV file on demand, on a schedule, or the whole finding history in one shot. But in the end, I had to find a solution to export them in near real time to an S3 bucket so that they could be integrated into a third-party SIEM solution....

February 27, 2024 · 4 min · Marc-Henry Geay
AWS services security event logs

AWS services security event logs - A Reference

This post is always in progress. This blog post was initially written in 2021, and AWS continues to add features. If you notice something wrong or obsolete, share it with me! Why this repository? AWS lets customers generate and integrate security logs from some of its services. However, each log source has its own configuration, which makes it quite difficult for new customers to understand. This post references the main AWS services’ logging sources with their properties, format(s), some examples and resources to go further....

October 25, 2021 · 17 min · Marc-Henry Geay
CyberGordon principle

The genesis and architecture of my CyberGordon project

Quick introduction: CyberGordon quickly provides you with threat and risk information about observables such as IP addresses or domain names by querying multiple threat intelligence sources. Thanks to each source that provides free access to great threat intelligence against phishing and malware. Without them, CyberGordon would not have been there. Why CyberGordon? Whether during my investigations at work or personal browsing sessions, I’m too lazy to use several sources to check whether a domain or email address is suspicious or malicious....

June 8, 2020 · 7 min · Marc-Henry Geay