fix(security hub): Adds logic to map to valid ASFF statuses #2491

Merged
merged 2 commits into from Jun 15, 2023


@ckdake ckdake commented Jun 14, 2023

Context

When running prowler against our AWS infrastructure, reporting using ASFF to security hub, we are unable to report all results due to "Status" being set incorrectly in API requests to Security Hub.

Description

AWS publishes the list of allowed values for Compliance Status here: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Compliance.html. This PR replaces blind + "ED" text manipulation with a condition that maps the output of prowler into values accepted by Security Hub.

We currently see "WARNINGED" and "INFOED"; after this PR we will see "WARNING" and "INFO". We are not currently seeing any statuses that will map to "NOT_AVAILABLE", but this should cover other AWS situations that are beyond the scope of my test runs here.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@ckdake ckdake requested a review from a team as a code owner June 14, 2023 17:41
@ckdake ckdake changed the title Adds logic to map to valid ASFF statuses fix(security hub): Adds logic to map to valid ASFF statuses Jun 14, 2023
@sergargar sergargar left a comment


Good catch! I would put INFO as NOT_AVAILABLE since it is not applicable, what do you think?

prowler/lib/outputs/json.py (outdated)
Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com>

ckdake commented Jun 15, 2023

Hmm, test failed. It doesn't look to be related since the check looks like it's happening before ASFF?

@sergargar sergargar merged commit 5061456 into prowler-cloud:master Jun 15, 2023
4 checks passed
@ckdake ckdake deleted the chris/fixes-asff-statuses branch June 15, 2023 14:10
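
The status handling discussed in this pull request, as an added example that is not Prowler's code: it contrasts the blind "ED" suffix with an explicit mapping and adds a pre-flight check against the `Compliance.Status` values the linked AWS API reference allows (PASSED, WARNING, FAILED, NOT_AVAILABLE). All function names, the scanner status names PASS and FAIL, the fallback for unknown statuses and the sample results are assumptions; INFO maps to NOT_AVAILABLE as the reviewer suggested.

```python
# Added example, not Prowler's code. All names here are hypothetical.
# Allowed Compliance.Status values per the AWS API reference linked in the PR.
ASFF_STATUSES = frozenset({"PASSED", "WARNING", "FAILED", "NOT_AVAILABLE"})

# Assumed scanner statuses: PASS, FAIL, WARNING, INFO.
# INFO -> NOT_AVAILABLE follows the reviewer's suggestion in the thread.
STATUS_MAP = {
    "PASS": "PASSED",
    "FAIL": "FAILED",
    "WARNING": "WARNING",
    "INFO": "NOT_AVAILABLE",
}


def suffix_status(status: str) -> str:
    """The 'before' behaviour the PR describes: blindly append "ED"."""
    return status + "ED"


def to_asff_status(status: str) -> str:
    """Explicit mapping; unrecognised input becomes NOT_AVAILABLE (assumption)."""
    return STATUS_MAP.get(status.strip().upper(), "NOT_AVAILABLE")


def partition_findings(findings: list[dict]) -> tuple[list[dict], list[dict]]:
    """Pre-flight check: split findings into (valid, invalid) by Compliance.Status
    so invalid ones are reported locally instead of being rejected by the API."""
    valid, invalid = [], []
    for finding in findings:
        status = finding.get("Compliance", {}).get("Status")
        (valid if status in ASFF_STATUSES else invalid).append(finding)
    return valid, invalid


def build_findings(results: list[tuple[str, str]], convert) -> list[dict]:
    """Build minimal finding dicts holding only the fields this check reads."""
    return [{"Id": check_id, "Compliance": {"Status": convert(status)}}
            for check_id, status in results]


# Constructed sample results: (check id, scanner status).
SAMPLE = [("check-a", "PASS"), ("check-b", "FAIL"),
          ("check-c", "WARNING"), ("check-d", "INFO")]

if __name__ == "__main__":
    for name, fn in (("suffix", suffix_status), ("mapped", to_asff_status)):
        ok, bad = partition_findings(build_findings(SAMPLE, fn))
        print(name, "valid:", len(ok),
              "invalid:", [f["Compliance"]["Status"] for f in bad])
```
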