runbooks security host-findingsΒΆ
Auto-generated from
runbooks security host-findings --helpon 2026-05-21. Source of truth: runbooks PyPI package v1.3.22
Usage: runbooks security host-findings [OPTIONS]
Aggregate security findings from SecurityHub, GuardDuty, and Inspector2 for
a host.
Queries all three security services and shows a combined findings table
sorted by severity with a summary panel showing counts per severity level.
Services queried (graceful degradation if not enabled): - SecurityHub
(GetFindings filtered by ResourceId) - GuardDuty (ListFindings filtered by
instanceId) - Inspector2 (ListFindings filtered by resourceId)
READONLY -- no mutations.
Examples: runbooks security host-findings --resource-id i-0abc123
--profile ops runbooks security host-findings --resource-id i-0abc123
--profile ops --output json
Options:
--profile TEXT AWS profile for single-account operations.
π Profile Selection Guide:
βββββββββββββββββββββββββββββββββββββββββββββββ
Single Account β Use --profile YOUR_PROFILE
Example: --profile dev-account When:
Developer/operator working in one AWS account
Multi-Account LZ β Use --all-profiles (see
inventory commands) Example: --all-profiles
When: Platform team discovering across
organization
π Enrichment Profiles (Automatic): β’
Organizations: MANAGEMENT_PROFILE β’ Costs:
BILLING_PROFILE Note: Separate from discovery
profile
Decision: Single account = --profile | Multi-
account = --all-profiles
--region TEXT AWS region override (default: ap-southeast-2)
--dry-run Safe analysis mode - no resource modifications
(enterprise default)
--resource-id RESOURCE_ID EC2 instance ID (e.g. i-0abc123) or full resource
ARN. Queries SecurityHub, GuardDuty, and
Inspector2 for active findings. [required]
--output [table|json] Output format (default: table)
--help Show this message and exit.