EXPANDR-3582 Resolving AWS-IAM bug

Packs/AWS-Enrichment-Remediation/Playbooks/AWS_-_Enrichment.yml

@@ -6,10 +6,10 @@ starttaskid: "0"
 tasks:
   "0":
     id: "0"
-    taskid: 1e6e3546-a913-49f4-8390-37c6f1c846cd
+    taskid: b0f0baa0-e143-462d-8d65-40afab3ee28f
     type: start
     task:
-      id: 1e6e3546-a913-49f4-8390-37c6f1c846cd
+      id: b0f0baa0-e143-462d-8d65-40afab3ee28f
       version: -1
       name: ""
       iscommand: false
@@ -36,10 +36,10 @@ tasks:
     isautoswitchedtoquietmode: false
   "1":
     id: "1"
-    taskid: 70e5fc67-a675-464c-8544-2d3743e4b0b1
+    taskid: 753f7d27-7bf4-4285-88ea-33dc9addd41f
     type: regular
     task:
-      id: 70e5fc67-a675-464c-8544-2d3743e4b0b1
+      id: 753f7d27-7bf4-4285-88ea-33dc9addd41f
       version: -1
       name: Lookup EC2 information associated with IP
       description: Describes EC2 instance based off public IP address.
@@ -79,10 +79,10 @@ tasks:
     isautoswitchedtoquietmode: false
   "2":
     id: "2"
-    taskid: 6a4c4953-b741-4186-87dc-06f3c7dcd968
+    taskid: f2639ea7-6574-456e-81f6-083abf047f34
     type: title
     task:
-      id: 6a4c4953-b741-4186-87dc-06f3c7dcd968
+      id: f2639ea7-6574-456e-81f6-083abf047f34
       version: -1
       name: |
         Done
@@ -95,8 +95,8 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 100,
-          "y": 930
+          "x": 140,
+          "y": 420
         }
       }
     note: false
@@ -108,10 +108,10 @@ tasks:
     isautoswitchedtoquietmode: false
   "3":
     id: "3"
-    taskid: b73084f1-7bc8-4f79-862b-dd357037bce8
+    taskid: b78275c7-b0cb-4a9b-8215-fdae8f7aa1a1
     type: regular
     task:
-      id: b73084f1-7bc8-4f79-862b-dd357037bce8
+      id: b78275c7-b0cb-4a9b-8215-fdae8f7aa1a1
       version: -1
       name: Lookup SecurityGroup information associated with InstanceID
       description: Describes security groups of EC2 instance.
@@ -121,7 +121,7 @@ tasks:
       brand: AWS - EC2
     nexttasks:
       '#none#':
-      - "9"
+      - "2"
     scriptarguments:
       groupIds:
         complex:
@@ -143,110 +143,12 @@ tasks:
     quietmode: 0
     isoversize: false
     isautoswitchedtoquietmode: false
-  "4":
-    id: "4"
-    taskid: 48caa995-32de-4421-8e7e-7dd6bd406c15
-    type: regular
-    task:
-      id: 48caa995-32de-4421-8e7e-7dd6bd406c15
-      version: -1
-      name: Lookup SecurityGroup owner
-      description: Lists the IAM users based on the creator of the security group.
-      script: AWS - IAM|||aws-iam-list-users
-      type: regular
-      iscommand: true
-      brand: AWS - IAM
-    nexttasks:
-      '#none#':
-      - "2"
-    scriptarguments:
-      roleArn:
-        complex:
-          root: AWS.EC2.SecurityGroups
-          accessor: OwnerId
-    separatecontext: false
-    continueonerrortype: ""
-    view: |-
-      {
-        "position": {
-          "x": 560,
-          "y": 680
-        }
-      }
-    note: false
-    timertriggers: []
-    ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-    isoversize: false
-    isautoswitchedtoquietmode: false
-  "9":
-    id: "9"
-    taskid: 060102cd-0ced-4e67-88bc-6916f4f3750b
-    type: condition
-    task:
-      id: 060102cd-0ced-4e67-88bc-6916f4f3750b
-      version: -1
-      name: Is AWS - IAM enabled?
-      description: Determines if the AWS - IAM integration instance is configured to continue with scanning.
-      type: condition
-      iscommand: false
-      brand: ""
-    nexttasks:
-      '#default#':
-      - "2"
-      "yes":
-      - "4"
-    separatecontext: false
-    conditions:
-    - label: "yes"
-      condition:
-      - - operator: isExists
-          left:
-            value:
-              complex:
-                root: modules
-                filters:
-                - - operator: isEqualString
-                    left:
-                      value:
-                        simple: modules.brand
-                      iscontext: true
-                    right:
-                      value:
-                        simple: AWS - IAM
-                - - operator: isEqualString
-                    left:
-                      value:
-                        simple: modules.state
-                      iscontext: true
-                    right:
-                      value:
-                        simple: active
-            iscontext: true
-          right:
-            value: {}
-    continueonerrortype: ""
-    view: |-
-      {
-        "position": {
-          "x": 560,
-          "y": 340
-        }
-      }
-    note: false
-    timertriggers: []
-    ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-    isoversize: false
-    isautoswitchedtoquietmode: false
   "10":
     id: "10"
-    taskid: fe550b37-6e79-4323-87da-fa47eda81096
+    taskid: 8dedaf42-1479-43d2-82cf-4d34946dc410
     type: condition
     task:
-      id: fe550b37-6e79-4323-87da-fa47eda81096
+      id: 8dedaf42-1479-43d2-82cf-4d34946dc410
       version: -1
       name: Was there an EC2 instance?
       description: Check whether the last command returned EC2 information or not.
@@ -288,10 +190,10 @@ tasks:
     isautoswitchedtoquietmode: false
   "11":
     id: "11"
-    taskid: 08a31227-3225-4082-80a8-ba8f22faec22
+    taskid: 53eb9bbe-3269-44d9-878e-6ba4f77f9c98
     type: condition
     task:
-      id: 08a31227-3225-4082-80a8-ba8f22faec22
+      id: 53eb9bbe-3269-44d9-878e-6ba4f77f9c98
       version: -1
       name: Is AWS - EC2 enabled and is Input value defined?
       description: Determines if the AWS - EC2 integration instance is configured and Input values are defined to pull enrichment data.
@@ -357,15 +259,13 @@ view: |-
   {
     "linkLabelsPosition": {
       "10_2_#default#": 0.27,
-      "10_3_yes": 0.55,
-      "9_2_#default#": 0.5,
-      "9_4_yes": 0.53
+      "10_3_yes": 0.55
     },
     "paper": {
       "dimensions": {
-        "height": 1775,
-        "width": 840,
-        "x": 100,
+        "height": 1265,
+        "width": 800,
+        "x": 140,
         "y": -780
       }
     }
@@ -406,10 +306,9 @@ outputs:
 - contextPath: AWS.EC2.SecurityGroups
   description: AWS Security group information.
   type: unknown
-- contextPath: AWS.IAM.Users
-  description: AWS IAM information.
-  type: unknown
 quiet: true
 fromversion: 6.5.0
 tests:
 - No tests (auto formatted)
+contentitemexportablefields:
+  contentitemfields: {}

Packs/AWS-Enrichment-Remediation/Playbooks/AWS_-_Enrichment_README.md

@@ -1,24 +1,28 @@
 Given the IP address this playbook enriches EC2 and IAM information.
 
 ## Dependencies
+
 This playbook uses the following sub-playbooks, integrations, and scripts.
 
 ### Sub-playbooks
+
 This playbook does not use any sub-playbooks.
 
 ### Integrations
+
 * AWS - EC2
-* AWS - IAM
 
 ### Scripts
+
 This playbook does not use any scripts.
 
 ### Commands
+
 * aws-ec2-describe-security-groups
 * aws-ec2-describe-instances
-* aws-iam-list-users
 
 ## Playbook Inputs
+
 ---
 
 | **Name** | **Description** | **Default Value** | **Required** |
@@ -27,14 +31,16 @@ This playbook does not use any scripts.
 | AwsIP | AWS IP in alert | alert.remoteip | Required |
 
 ## Playbook Outputs
+
 ---
 
 | **Path** | **Description** | **Type** |
 | --- | --- | --- |
 | AWS.EC2.Instances | AWS EC2 information. | unknown |
 | AWS.EC2.SecurityGroups | AWS Security group information. | unknown |
-| AWS.IAM.Users | AWS IAM information. | unknown |
 
 ## Playbook Image
+
 ---
-![AWS - Enrichment](../doc_files/AWS_-_Enrichment.png)
+
+![AWS - Enrichment](../doc_files/AWS_-_Enrichment.png)

Packs/AWS-Enrichment-Remediation/README.md

@@ -1,7 +1,7 @@
 ##### What does this pack do?
 
 The pack contains AWS playbooks that conduct enrichment and/or remediation and can use multiple other AWS content packs:
-- Enrichment: Give an IP address, see if there is a EC2 instance associated and if so pull information on the security group associated and IAM information for the user that created that security group.
+- Enrichment: Give an IP address, see if there is a EC2 instance associated and if so pull information on the security group associated.
 - Remediation: Give the information collected from enrichment, replace the security group with a "quarantine" security group until vulnerabilities are resolved.
 - Unclaimed S3 Bucket Validation: The playbook sends a HTTP get response to the domain and validates the missing bucket information.
 - Unclaimed S3 Bucket Remediation: The playbook will create the unclaimed S3 bucket.
@@ -20,7 +20,7 @@ This content pack includes the following playbooks:
 - AWS - Unclaimed S3 Bucket Remediation
 
 #### AWS - Enrichment
-AWS - Enrichment playbook reports EC2 and IAM information given an IP address of an EC2 instance.
+AWS - Enrichment playbook reports EC2 information given an IP address of an EC2 instance.
 
 ![AWS - Enrichment](https://raw.githubusercontent.com/demisto/content/master/Packs/AWS-Enrichment-Remediation/doc_files/AWS_-_Enrichment.png)
 

Packs/AWS-Enrichment-Remediation/ReleaseNotes/1_1_2.md

@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### AWS - Enrichment
+
+- Updated the playbook to remove IAM related tasks as the IAM list users is only providing all the users present in account.

Packs/AWS-Enrichment-Remediation/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "AWS Enrichment and Remediation",
     "description": "Playbooks using multiple AWS content packs for enrichment and remediation purposes",
     "support": "xsoar",
-    "currentVersion": "1.1.1",
+    "currentVersion": "1.1.2",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",