Adding workbook for AWS Security Hub Compliance #13870

Merged: v-atulyadav merged 50 commits into Azure:master from samikroy:patch-61, May 28, 2026

@samikroy

Contributor

Required items, please complete

This workbook contains the below details

  1. Severity Analysis
    • Pie chart: Findings distribution by severity
    • Color-coded: CRITICAL (red), HIGH (orange), MEDIUM (yellow), LOW (blue)
  2. Compliance Tracking
    • Pie chart: PASSED vs FAILED compliance status
    • Bar chart: Failed findings by compliance standard (CIS, NIST, PCI)
  3. Trend Analysis
    • Line chart: Findings over time by severity
    • Area chart: Compliance status trend
  4. Top Failing Controls
    • Table: Top 20 security controls with most findings
    • Shows: Control ID, Title, Finding count, Severity breakdown, Affected accounts
  5. Account Security Posture
    • Table: Per-account summary with compliance rate
    • Metrics: Total findings, Critical/High/Medium/Low counts, Pass/Fail ratio
  6. Regional Distribution
    • Bar chart: Top 10 AWS regions by finding count
  7. Compliance Standards
    • Table: Findings by standard (CIS, NIST, PCI, ISO, HIPAA, SOC 2)
    • Compliance rate calculation
  8. Resource Type Analysis
    • Table: Top 15 resource types with findings
    • Breakdown: IAM policies, EC2 instances, Security Groups, SQS queues, etc.
  9. Detailed Findings View
    • Table: Latest 100 failed findings with drill-down
    • Fields: Time, Account, Region, Control, Severity, Title, Resource
  10. Service-Specific Views
    • IAM security findings table
    • EC2 security findings table

Interactive Filters

  • Time Range: Last hour → Last 90 days (or custom)
  • AWS Account: Filter by specific account(s) or all
  • AWS Region: Filter by region(s) or all
  • Compliance Status: PASSED, FAILED, WARNING, NOT_AVAILABLE, or all

Reason for Change(s):

  • New Workbook addition.

Version Updated:

  • New Version

Testing Completed:

  • Yes

@samikroy requested review from a team as code owners March 20, 2026 13:30
@v-atulyadav added the Workbook (Workbook specialty review needed) and Solution (Solution specialty review needed) labels Mar 23, 2026
@v-shukore

Contributor

Hi @samikroy, please add new workbook in data file and package the solution using V3 tool
https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md

@samikroy

Contributor Author

> Hi @samikroy, please add new workbook in data file and package the solution using V3 tool https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md

@v-shukore - Added as requested, please review and let me know of any inputs.

@v-shukore

Contributor

Hi @samikroy, please repackage this solution as well using V3 tool. Thanks!!
https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md

@samikroy

Contributor Author

Hi @v-shukore , I’ve repackaged the AWS Security Hub solution using the V3 tool. Please review.

@v-shukore requested a review from Copilot April 20, 2026 12:40

Copilot AI left a comment

Contributor

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds an AWS Security Hub compliance-focused workbook and wires it into workbook metadata and the AWS Security Hub solution content definition.

Changes:

  • Added a new “AWS Security Hub Compliance” workbook (added in both Workbooks/ and Solutions/AWS Security Hub/Workbooks/).
  • Registered the workbook in Workbooks/WorkbooksMetadata.json.
  • Updated the AWS Security Hub solution data to include the workbook and a workbook blade description.

Reviewed changes

Copilot reviewed 6 out of 8 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| Workbooks/WorkbooksMetadata.json | Adds a metadata entry so the new workbook can appear in the workbook gallery. |
| Workbooks/AWSSecurityHubComplianceWorkbook.json | New workbook template (root Workbooks location). |
| Solutions/AWS Security Hub/Workbooks/AWSSecurityHubComplianceWorkbook.json | New workbook template (solution-scoped location). |
| Solutions/AWS Security Hub/Data/Solution_AWSSecurityHub.json | Attempts to include the workbook in the solution’s content definition. |
| Solutions/AWS Security Hub/Package/mainTemplate.json | Updates packaged solution versioning/strings (not reviewed per repo ignore rules). |
| Solutions/AWS Security Hub/Package/createUiDefinition.json | Adds a Workbooks blade section (not reviewed per repo ignore rules). |

Comments suppressed due to low confidence (2)

Solutions/AWS Security Hub/Workbooks/AWSSecurityHubComplianceWorkbook.json:1

  • This workbook is added twice with (apparently) identical content: once under Workbooks/ and once under Solutions/AWS Security Hub/Workbooks/. Keeping duplicate copies is likely to drift over time. Prefer a single source of truth (either solution-scoped or root workbooks), and reference that path consistently from workbook metadata / solution content.

Solutions/AWS Security Hub/Workbooks/AWSSecurityHubComplianceWorkbook.json:1

  • This workbook is added twice with (apparently) identical content: once under Workbooks/ and once under Solutions/AWS Security Hub/Workbooks/. Keeping duplicate copies is likely to drift over time. Prefer a single source of truth (either solution-scoped or root workbooks), and reference that path consistently from workbook metadata / solution content.

@v-shukore

Contributor

Hi @samikroy, please update required suggestions given by the copilot as reviewer and commit the changes. Thanks!

@samikroy

Contributor Author

Hi @v-shukore , I've repackaged the solution using the V3 tool, and ensured the zip files are in sync. All CI checks are passing. Could you please review? Thank you!

@v-shukore

Contributor

Hi @samikroy, please do not delete the existing zip packages from the solution. Uncommit the deleted zip packages and include only the newly created 3.0.3 zip package in this PR. There’s no need to modify or remove other zip packages. The new zip file and the outside zip maintemplate should match. Thanks!

@samikroy

Contributor Author

Hi @v-shukore , I have restored the previous zip packages (3.0.0, 3.0.1, 3.0.2) and kept the newly created 3.0.3 zip package as well. Please review. Thank you!

@v-shukore

Contributor

Hi @samikroy, the inside-zip and outside-zip maintemplate are still not the same; they are different. Please look into it once. Thanks!
[image]

@samikroy

Contributor Author

Hi @v-shukore , I have regenerated the package using the V3 tool. The mainTemplate.json inside and outside the zip are now in sync. Please review. Thanks!

@v-shukore

Contributor

Hi @samikroy, ARM-TTK is failing because of the error below; please fix it. Thanks!
[image]

@samikroy

Contributor Author

Hi @v-shukore , I have fixed the ARM-TTK validation errors in createUiDefinition.json:

  1. Fixed empty label and text fields (were null, now have proper values)
  2. Added workbook1-name to the outputs section

Please review. Thank you!

@v-shukore

Contributor

Hi @samikroy, please update the createui inside the zip as well. Thanks!

@samikroy

Contributor Author

Hi @v-shukore , I have updated the createUiDefinition.json inside the 3.0.3 zip as well. Both inside and outside zip are now in sync with the fixes applied.
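
The inside-zip versus outside-zip mismatch raised several times in this thread can be checked mechanically before a review round. The following is an added example, not code from this pull request or from the V3 packaging tool; it assumes "in sync" means equal parsed JSON content, and the helper names and sample data are constructed for illustration.

```python
import hashlib
import io
import json
import zipfile

# File names come from the thread; the rest of this script is an assumption.
PACKAGE_FILES = ("mainTemplate.json", "createUiDefinition.json")

def canonical_digest(raw: bytes) -> str:
    """SHA-256 of the JSON re-serialized with sorted keys, so whitespace and
    key order do not count as drift."""
    doc = json.loads(raw.decode("utf-8-sig"))
    canon = json.dumps(doc, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def find_drift(zip_bytes: bytes, outside: dict) -> dict:
    """Return {file name: reason} for package files that are missing or differ.
    outside maps file name -> raw bytes of the copy stored next to the zip."""
    drift = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Match on base name; the layout inside the zip is not shown in the thread.
        inside = {n.rsplit("/", 1)[-1]: n for n in zf.namelist()}
        for name in PACKAGE_FILES:
            if name not in inside:
                drift[name] = "missing inside zip"
            elif name not in outside:
                drift[name] = "missing outside zip"
            elif canonical_digest(zf.read(inside[name])) != canonical_digest(outside[name]):
                drift[name] = "content differs"
    return drift

def make_zip(files: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample: createUiDefinition.json was fixed outside but not in the zip.
SAMPLE_OUTSIDE = {
    "mainTemplate.json": b'{"contentVersion": "3.0.3", "resources": []}',
    "createUiDefinition.json": b'{"outputs": {"workbook1-name": "x"}}',
}
SAMPLE_ZIP = make_zip({
    "mainTemplate.json": b'{\n  "resources": [],\n  "contentVersion": "3.0.3"\n}',
    "createUiDefinition.json": b'{"outputs": {}}',
})
if __name__ == "__main__":
    print(find_drift(SAMPLE_ZIP, SAMPLE_OUTSIDE))
```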

v-shukore previously approved these changes May 28, 2026
v-atulyadav previously approved these changes May 28, 2026
v-dvedak previously approved these changes May 28, 2026
@v-shukore dismissed stale reviews from v-dvedak, v-atulyadav, and themself via acabd26 May 28, 2026 12:22
@v-atulyadav merged commit 283cc68 into Azure:master May 28, 2026
64 checks passed
@samikroy

Contributor Author

Thank you for your support @v-atulyadav , @v-shukore , @v-dvedak
