This skill covers deploying AWS Security Hub as a centralized cloud security posture management platform that aggregates findings from GuardDuty, Inspector, Macie, and third-party tools. It details enabling security standards like CIS AWS Foundations Benchmark, configuring automated remediation, and building executive dashboards for compliance tracking across multi-account AWS organizations.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionimplementing-aws-security-hubExecute the skills CLI command in your project's root directory to begin installation:
Fetches implementing-aws-security-hub from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate implementing-aws-security-hub. Access via /implementing-aws-security-hub in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | implementing-aws-security-hub |
| description | 'This skill covers deploying AWS Security Hub as a centralized cloud security posture management platform that aggregates findings from GuardDuty, Inspector, Macie, and third-party tools. It details enabling security standards like CIS AWS Foundations Benchmark, configuring automated remediation, and building executive dashboards for compliance tracking across multi-account AWS organizations. ' |
| domain | cybersecurity |
| subdomain | cloud-security |
| tags | - aws-security-hub - cspm - compliance-automation - security-standards - finding-aggregation |
| version | 1.0.0 |
| author | mahipal |
| license | Apache-2.0 |
| nist_csf | - PR.IR-01 - ID.AM-08 - GV.SC-06 - DE.CM-01 |
Do not use for real-time threat detection (see detecting-cloud-threats-with-guardduty), for Azure compliance monitoring (see securing-azure-with-microsoft-defender), or for deep vulnerability scanning of container images (see securing-container-registry).
Activate Security Hub in the delegated administrator account and enable security standards. AWS Security Hub CSPM supports CIS AWS Foundations Benchmark v5.0, AWS Foundational Security Best Practices, PCI DSS v3.2.1, and NIST SP 800-53.
# Enable Security Hub with standards
aws securityhub enable-security-hub \
--enable-default-standards \
--tags '{"Environment":"production","ManagedBy":"security-team"}'
# Enable CIS AWS Foundations Benchmark v5.0
aws securityhub batch-enable-standards \
--standards-subscription-requests '[
{"StandardsArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/5.0.0"},
{"StandardsArn": "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0"},
{"StandardsArn": "arn:aws:securityhub:us-east-1::standards/pci-dss/v/3.2.1"}
]'
# Verify enabled standards
aws securityhub get-enabled-standards \
--query 'StandardsSubscriptions[*].[StandardsArn,StandardsStatus]' --output table
Designate a Security Hub administrator and automatically enroll all organization member accounts. Configure cross-region aggregation to consolidate findings into a single region.
# Designate delegated admin
aws securityhub enable-organization-admin-account \
--admin-account-id 111122223333
# Auto-enable for all org members
aws securityhub update-organization-configuration \
--auto-enable \
--organization-configuration '{"ConfigurationType": "CENTRAL"}'
# Enable cross-region aggregation
aws securityhub create-finding-aggregator \
--region-linking-mode ALL_REGIONS
Configure product integrations to receive findings from AWS services and partner security tools. Map third-party findings to AWS Security Finding Format (ASFF).
# List available product integrations
aws securityhub describe-products \
--query 'Products[*].[ProductName,CompanyName,ProductSubscriptionResourcePolicy]' --output table
# Enable specific integrations
aws securityhub enable-import-findings-for-product \
--product-arn "arn:aws:securityhub:us-east-1::product/aws/guardduty"
aws securityhub enable-import-findings-for-product \
--product-arn "arn:aws:securityhub:us-east-1::product/aws/inspector"
# Import custom findings using ASFF format
aws securityhub batch-import-findings --findings '[{
"SchemaVersion": "2018-10-08",
"Id": "custom-finding-001",
"ProductArn": "arn:aws:securityhub:us-east-1:123456789012:product/123456789012/default",
"GeneratorId": "custom-scanner",
"AwsAccountId": "123456789012",
"Types": ["Software and Configuration Checks/Vulnerabilities/CVE"],
"Title": "Unpatched OpenSSL in production ALB backend",
"Description": "CVE-2024-12345 detected on backend instances",
"Severity": {"Label": "HIGH"},
"Resources": [{"Type": "AwsEc2Instance", "Id": "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc123"}]
}]'
Create Security Hub custom actions linked to EventBridge rules and Lambda functions for one-click or fully automated remediation of common findings.
# Create a custom action for remediation
aws securityhub create-action-target \
--name "IsolateInstance" \
--description "Isolate EC2 instance by replacing security groups" \
--id "IsolateInstance"
# EventBridge rule for automated remediation of specific controls
aws events put-rule \
--name SecurityHubAutoRemediate \
--event-pattern '{
"source": ["aws.securityhub"],
"detail-type": ["Security Hub Findings - Imported"],
"detail": {
"findings": {
"Compliance": {"Status": ["FAILED"]},
"Severity": {"Label": ["CRITICAL", "HIGH"]},
"GeneratorId": ["aws-foundational-security-best-practices/v/1.0.0/S3.1"]
}
}
}'
Track security scores across standards, monitor compliance drift over time, and generate reports for audit evidence.
# Get security score for a standard
aws securityhub get-security-control-definition \
--security-control-id "S3.1"
# List all failed controls with counts
aws securityhub get-findings \
--filters '{
"ComplianceStatus": [{"Value": "FAILED", "Comparison": "EQUALS"}],
"RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}]
}' \
--sort-criteria '{"Field": "SeverityLabel", "SortOrder": "desc"}' \
--max-items 50
| Term | Definition |
|---|---|
| Security Standard | Pre-packaged set of controls mapped to compliance frameworks such as CIS, PCI-DSS, NIST 800-53, and AWS best practices |
| Security Control | Individual automated check that evaluates a specific AWS resource configuration against a security requirement |
| ASFF | AWS Security Finding Format, a standardized JSON schema for normalizing findings from all integrated security products |
| Compliance Score | Percentage of controls in a passing state within a given security standard, calculated per account and aggregated at the organization level |
| Finding Aggregator | Cross-region mechanism that consolidates findings from all enabled regions into a single administrator region |
| Custom Action | User-defined action that can be triggered from the Security Hub console to invoke EventBridge rules for manual or automated response |
Context: An enterprise enables CIS AWS Foundations Benchmark v5.0 and discovers 340 failed controls across 50 accounts, primarily in IAM password policy, CloudTrail configuration, and VPC flow log enablement.
Approach:
Pitfalls: Enabling automated remediation for all controls at once can break production workloads that legitimately require public S3 access or specific network configurations. Always test remediation in a staging account first.
AWS Security Hub Compliance Report
====================================
Organization: acme-corp
Administrator Account: 111122223333
Report Date: 2025-02-23
Standards Enabled: CIS v5.0, AWS FSBP v1.0, PCI DSS v3.2.1
COMPLIANCE SCORES:
CIS AWS Foundations Benchmark v5.0: 78%
AWS Foundational Security Best Practices: 85%
PCI DSS v3.2.1: 72%
TOP FAILED CONTROLS (by account count):
[S3.1] Block public access settings enabled - 23/50 accounts FAILED
[CT.1] CloudTrail multi-region enabled - 12/50 accounts FAILED
[IAM.4] Root account has no access keys - 3/50 accounts FAILED
[EC2.19] Security groups restrict unrestricted ports- 31/50 accounts FAILED
[RDS.3] RDS encryption at rest enabled - 18/50 accounts FAILED
FINDING SUMMARY:
Total Active Findings: 1,247
Critical: 34 | High: 189 | Medium: 567 | Low: 457
Auto-Remediated This Month: 89
Suppressed: 23
Prerequisites
Time Estimate
15-45 minutes depending on use case complexity
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
implementing-aws-security-hub is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
Useful defaults in implementing-aws-security-hub — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
implementing-aws-security-hub fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
Registry listing for implementing-aws-security-hub matched our evaluation — installs cleanly and behaves as described in the markdown.
I recommend implementing-aws-security-hub for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
Keeps context tight: implementing-aws-security-hub is the kind of skill you can hand to a new teammate without a long onboarding doc.
implementing-aws-security-hub has been reliable in day-to-day use. Documentation quality is above average for community skills.
We added implementing-aws-security-hub from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
Solid pick for teams standardizing on skills: implementing-aws-security-hub is focused, and the summary matches what you get after install.
implementing-aws-security-hub reduced setup friction for our internal harness; good balance of opinion and flexibility.
showing 1-10 of 39