Viewing cross-Region aggregation settings - AWS Security Hub

Viewing cross-Region aggregation settings

Note

The aggregation Region is now called the home Region. Some Security Hub API operations still use the older term aggregation Region.

You can view the current cross-Region aggregation configuration in AWS Security Hub from any AWS Region. The configuration includes the home Region, the linked Regions (if any), and whether to automatically link new Regions as Security Hub supports them.

Member accounts can view the cross-Region aggregation settings that the administrator account configured.

Choose your preferred method, and follow the steps to view your current cross-Region aggregation settings.

Security Hub console
To view cross-Region aggregation settings (console)
  1. Open the AWS Security Hub console at https://console.aws.amazon.com/securityhub/.

  2. On the navigation pane, choose Settings and then the Regions tab.

If cross-Region aggregation is not enabled, then the Regions tab displays the option to enable cross-Region aggregation. Only administrator accounts and standalone accounts can enable cross-Region aggregation.

If cross-Region aggregation is enabled, then the Regions tab displays the following information:

  • The home Region

  • Whether to automatically aggregate findings, insights, control statuses, and security scores from new Regions that Security Hub supports and that you opt into

  • The list of linked Regions (if any are selected)

Security Hub API

To view cross-Region aggregation settings (Security Hub API)

Use the GetFindingAggregator operation of the Security Hub API. If you use the AWS CLI, run the get-finding-aggregator command.

When you make the request, provide the finding aggregator ARN. To obtain the finding aggregator ARN, use the ListFindingAggregators operation or list-finding-aggregators command.

The following example shows the cross-Region aggregation settings for the specified finding aggregator ARN. This example is formatted for Linux, macOS, or Unix, and it uses the backslash (\) line-continuation character to improve readability

$aws securityhub get-finding-aggregator --finding-aggregator-arn arn:aws:securityhub:us-east-1:222222222222:finding-aggregator/123e4567-e89b-12d3-a456-426652340000