Create AWS Security Hub Rules #23206

IsExec · 2024-05-01T02:38:31Z

Related issue
#22505

Added decoder to JSON decoders specific for AWS security hub
Added base ruleset for AWS security hub:
- Security hub controls base rules
- Base rules for AWS service integrations (GuardDuty, Inspector and Health)
- Rules for critical security control checks
Create .ini check file

Decoder/Rule tests
- Added unit testing files ".ini"
- runtests.py executed without errors

- Improved indexer connector logging - Factorized out callbacks used on indexer connector

- Fixed coverity defects - Use of auto causes copy - Copy instead of move - Use of & to prevent copy

- Reverted style changes

…t-at-shared-modules-1 Fix coverity defects for 4.8.0

Rename legacy-template.json

…lize-indexerconnector-for-index-wazuh-states-vulnerabilities Improving indexer connector log messages

- Fix behavior if the feed have less or invalid data.

…reloaded-var Add new preloaded var to disable `update_check`

…of-rocksdb Changes to limit the memory usage in write/read operations with rocksdb.

…ng-on-content-updater Update the log level in the vulnerability scanner content-updater

- Implement L1 logic - Partial implement L2 logic

- Implement translation logic - Restore deleted file - Add TC-008 for windows scenario

- Fix new line

- Fix errors related with string_view - Add filter logic

- Fix segfault. - Add documentation.

- Refactoring, move L2 to databaseFeedManager. - Delete filter. - Split translation package scanner in a new function. - Add cases for QA python testing. - Restor cacheLRU.

- Fix style.

- Fixed typo on column name

- Fix error.

…1-functions Migrate deprecated sha1 functions.

…bwrapper Improve error logging in `socketDbWrapper`

- Fixed typo - Updated logging - Moved to debug - Aligned logging message

…ility-scanner-facade-logging-with-current-changes Align vulnerability scanner logging with current changes

Downgrade macOS image version for scan-build test

- Rename title to Wazuh Agent

- Move callbacks

…torImp Address Coverity issues in `syscollectorImp.cpp`

…s_ui Improve Windows agent UI

Add additional check on XML parsing

Merge 4.7.4 into 4.8.0

Merge 4.8.0 into 4.9.0

sebasfalcone and others added 30 commits March 21, 2024 18:54

CL:

c04d53b

- Improved indexer connector logging - Factorized out callbacks used on indexer connector

Rename legacy-template.json

0cf51ec

Changes to limit the memory usage in write/read operations with rocksdb.

84b510a

Add cna mapping feature.

00b1d75

CL:

91e7364

- Fixed coverity defects - Use of auto causes copy - Copy instead of move - Use of & to prevent copy

CL:

1081744

- Reverted style changes

Merge pull request #22523 from wazuh/dev-20772-auto-causes-copy-defec…

bbc26ed

…t-at-shared-modules-1 Fix coverity defects for 4.8.0

Fix unit tests.

7321fb4

Add USER_ENABLE_UPDATE_CHECK preloaded var

99e7ca8

Update preloaded-vars template

48cd8c2

Merge pull request #22684 from wazuh/22681/rename-vd-index-template

f5b4cce

Rename legacy-template.json

Improving indexerConnector logging

ce833f3

Merge pull request #22682 from wazuh/dev-22532-worker-fails-to-initia…

9d37705

…lize-indexerconnector-for-index-wazuh-states-vulnerabilities Improving indexer connector log messages

- Add unit tests

5b09573

- Fix behavior if the feed have less or invalid data.

Add requested changes.

528196b

- Fix invalid call during reload json maps.

e59e2a0

Merge pull request #22719 from wazuh/enhancement/22706-update-check-p…

8853bfb

…reloaded-var Add new preloaded var to disable `update_check`

Update error remediation message

b1a79a2

Update log level

94cacab

Merge pull request #22693 from wazuh/fix/22581-fix-memory-management-…

68435a5

…of-rocksdb Changes to limit the memory usage in write/read operations with rocksdb.

Merge pull request #22737 from wazuh/dev-22721-reduce-verbosity-loggi…

780d1de

…ng-on-content-updater Update the log level in the vulnerability scanner content-updater

CL:

06936d6

- Implement L1 logic - Partial implement L2 logic

CL:

ff62168

- Implement translation logic - Restore deleted file - Add TC-008 for windows scenario

CL:

e20431f

- Fix new line

CL:

67b65fc

- Fix errors related with string_view - Add filter logic

CL:

5df1bd0

- Fix segfault. - Add documentation.

CL:

a366f29

- Fix segfault. - Add documentation.

CL:

454ee64

- Refactoring, move L2 to databaseFeedManager. - Delete filter. - Split translation package scanner in a new function. - Add cases for QA python testing. - Restor cacheLRU.

CL:

0a3edce

- Fix style.

CL:

d3bf835

- Fixed typo on column name

GabrielEValenzuela and others added 21 commits April 26, 2024 10:11

CL:

b985989

- Fix error.

Merge pull request #22974 from wazuh/fix/21565-migrate-deprecated-sha…

6d378c9

…1-functions Migrate deprecated sha1 functions.

Merge pull request #23075 from wazuh/bug/23064-improve-loggin-socketd…

755ddbd

…bwrapper Improve error logging in `socketDbWrapper`

CL:

543896a

- Fixed typo - Updated logging - Moved to debug - Aligned logging message

Merge pull request #23151 from wazuh/enhancement/23150-align-vulnerab…

7f0ad45

…ility-scanner-facade-logging-with-current-changes Align vulnerability scanner logging with current changes

fix: downgrade macOS image version for scan-build test

68ce597

Merge pull request #23178 from wazuh/fix/23176-scan-build-macos

7acd80a

Downgrade macOS image version for scan-build test

fix: improve xml parser

f7c8a11

fix: add extra unit tests for xml parser

cfd1cab

CL:

68b8f73

- Rename title to Wazuh Agent

CL:

737fe1b

- Move callbacks

Merge pull request #23183 from wazuh/bug/17025-fix_coverity_syscollec…

0086780

…torImp Address Coverity issues in `syscollectorImp.cpp`

Merge pull request #23182 from wazuh/enhancement/19464_improve_window…

0f9cea9

…s_ui Improve Windows agent UI

Merge branch '4.7.4' into merge-4.7.4-into-4.8.0

bd4982f

Merge pull request #20448 from wazuh/16386-additional-xml-validation

1d8ed30

Add additional check on XML parsing

Merge pull request #23190 from wazuh/merge-4.7.4-into-4.8.0

fe72bb5

Merge 4.7.4 into 4.8.0

Merge branch '4.8.0' into merge-4.8.0-into-4.9.0

56e8a3d

fix: downgrade macOS image version for ITs

f527538

test: expect synchronous=NORMAL at global database

c5d4eac

Merge pull request #23191 from wazuh/merge-4.8.0-into-4.9.0

f4de366

Merge 4.8.0 into 4.9.0

AWS security hub default ruleset

f5d70dc

IsExec self-assigned this May 1, 2024

IsExec added 2 commits May 1, 2024 09:26

AWS Security hub updated

ea5a833

Updated AWS security hub rules

aa94811

IsExec requested a review from ooniagbi May 2, 2024 06:28

Create aws_security_hub.ini

fa0498a

ooniagbi changed the base branch from 4.9.0 to epic-21209-aws-security-hub-integration May 2, 2024 11:46

IsExec linked an issue May 3, 2024 that may be closed by this pull request

Create AWS Security Hub rules #22505

Closed

IsExec removed a link to an issue May 3, 2024

Create AWS Security Hub rules #22505

Closed

IsExec closed this May 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create AWS Security Hub Rules #23206

Create AWS Security Hub Rules #23206

IsExec commented May 1, 2024 •

edited

Create AWS Security Hub Rules #23206

Create AWS Security Hub Rules #23206

Conversation

IsExec commented May 1, 2024 • edited

IsExec commented May 1, 2024 •

edited