Adding workbook for AWS Security Hub Compliance

[samikroy]

Required items, please complete

This workbook contains the below details

1. Severity Analysis

   • Pie chart: Findings distribution by severity
   • Color-coded: CRITICAL (red), HIGH (orange), MEDIUM (yellow), LOW (blue)

2. Compliance Tracking

   • Pie chart: PASSED vs FAILED compliance status
   • Bar chart: Failed findings by compliance standard (CIS, NIST, PCI)

3. Trend Analysis

   • Line chart: Findings over time by severity
   • Area chart: Compliance status trend

4. Top Failing Controls

   • Table: Top 20 security controls with most findings
   • Shows: Control ID, Title, Finding count, Severity breakdown, Affected accounts

5. Account Security Posture

   • Table: Per-account summary with compliance rate
   • Metrics: Total findings, Critical/High/Medium/Low counts, Pass/Fail ratio

6. Regional Distribution

   • Bar chart: Top 10 AWS regions by finding count

7. Compliance Standards

   • Table: Findings by standard (CIS, NIST, PCI, ISO, HIPAA, SOC 2)
   • Compliance rate calculation

8. Resource Type Analysis

   • Table: Top 15 resource types with findings
   • Breakdown: IAM policies, EC2 instances, Security Groups, SQS queues, etc.

9. Detailed Findings View

   • Table: Latest 100 failed findings with drill-down
   • Fields: Time, Account, Region, Control, Severity, Title, Resource

10. Service-Specific Views

    • IAM security findings table
    • EC2 security findings table

Interactive Filters

• Time Range: Last hour → Last 90 days (or custom)

• AWS Account: Filter by specific account(s) or all

• AWS Region: Filter by region(s) or all

• Compliance Status: PASSED, FAILED, WARNING, NOT_AVAILABLE, or all

  Reason for Change(s):

  • New Workbook addition.

  Version Updated:

  • New Version

  Testing Completed:

  • Yes

[v-shukore]

Hi @samikroy, please add new workbook in data file and package the solution using V3 tool
https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md

[samikroy]

Hi @samikroy, please add new workbook in data file and package the solution using V3 tool https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md

@v-shukore - Added as requested, please review and let know for any inputs.

[v-shukore]

Hi @samikroy, please repackage this solution as well using V3 tool. Thanks!!
https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md

[samikroy]

Hi @v-shukore , I’ve repackaged the AWS Security Hub solution using the V3 tool. Please review.

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds an AWS Security Hub compliance-focused workbook and wires it into workbook metadata and the AWS Security Hub solution content definition.

Changes:

• Added a new “AWS Security Hub Compliance” workbook (added in both Workbooks/ and Solutions/AWS Security Hub/Workbooks/).
• Registered the workbook in Workbooks/WorkbooksMetadata.json.
• Updated the AWS Security Hub solution data to include the workbook and a workbook blade description.

Reviewed changes

Copilot reviewed 6 out of 8 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
Workbooks/WorkbooksMetadata.json	Adds a metadata entry so the new workbook can appear in the workbook gallery.
Workbooks/AWSSecurityHubComplianceWorkbook.json	New workbook template (root Workbooks location).
Solutions/AWS Security Hub/Workbooks/AWSSecurityHubComplianceWorkbook.json	New workbook template (solution-scoped location).
Solutions/AWS Security Hub/Data/Solution_AWSSecurityHub.json	Attempts to include the workbook in the solution’s content definition.
Solutions/AWS Security Hub/Package/mainTemplate.json	Updates packaged solution versioning/strings (not reviewed per repo ignore rules).
Solutions/AWS Security Hub/Package/createUiDefinition.json	Adds a Workbooks blade section (not reviewed per repo ignore rules).

Comments suppressed due to low confidence (2)

Solutions/AWS Security Hub/Workbooks/AWSSecurityHubComplianceWorkbook.json:1

• This workbook is added twice with (apparently) identical content: once under Workbooks/ and once under Solutions/AWS Security Hub/Workbooks/. Keeping duplicate copies is likely to drift over time. Prefer a single source of truth (either solution-scoped or root workbooks), and reference that path consistently from workbook metadata / solution content.
  Solutions/AWS Security Hub/Workbooks/AWSSecurityHubComplianceWorkbook.json:1
• This workbook is added twice with (apparently) identical content: once under Workbooks/ and once under Solutions/AWS Security Hub/Workbooks/. Keeping duplicate copies is likely to drift over time. Prefer a single source of truth (either solution-scoped or root workbooks), and reference that path consistently from workbook metadata / solution content.

[v-shukore]

Hi @samikroy,please update required suggestions given by the copilot as reviewer and commit the changes. Thanks!

[Copilot]

Pull request overview

Copilot reviewed 7 out of 11 changed files in this pull request and generated 4 comments.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Pull request overview

Copilot reviewed 6 out of 11 changed files in this pull request and generated 6 comments.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 10 changed files in this pull request and generated 4 comments.

[samikroy]

Hi @v-shukore , I've addressed all the Copilot review comments. Could you please take a look and let me know if any further changes are needed?

[v-shukore]

Hi @samikroy, I noticed that creteui and maintemplate are different inside and outside the zip package. Please ensure they are consistent. After that, repackage the solution using the V3 tool to prevent any changes from being missed. Thanks!

[samikroy]

Hi @v-shukore , I've repackaged the solution using the V3 tool, and ensured the zip files are in sync. All CI checks are passing. Could you please review? Thank you!

[v-shukore]

Hi @samikroy, please do not delete the existing zip packages from the solution. Uncommit the deleted zip packages and include only the newly created 3.0.3 zip package in this PR. There’s no need to modify or remove other zip packages. The new zip file and the outside zip maintemplate should match. Thanks!

[samikroy]

Hi @v-shukore , I have restored the previous zip packages (3.0.0, 3.0.1, 3.0.2) and kept the newly created 3.0.3 zip package as well. Please review. Thank you!

[v-shukore]

Hi @samikroy, still inside zip and outside zip maintemplate are not same its diffrent please look once into it. Thanks!