From 0f3e6ee90be39b44fee202f084562c79e395eef7 Mon Sep 17 00:00:00 2001
From: Joaquin Rinaudo
Date: Fri, 18 Sep 2020 14:07:00 +0200
Subject: [PATCH] feature(security-hub): archive finding instead of mark as PASSED
---
 include/securityhub_integration | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/securityhub_integration b/include/securityhub_integration
index e969ec6e..d3550583 100644
--- a/include/securityhub_integration
+++ b/include/securityhub_integration
@@ -31,7 +31,7 @@ checkSecurityHubCompatibility(){
 }
 resolveSecurityHubPreviousFails(){
- # Move previous check findings to Workflow to PASSED (as prowler didn't re-detect them)
+ # Move previous check findings RecordState to ARCHIVED (as prowler didn't re-detect them)
 for regx in $REGIONS; do
 local check="$1"
@@ -40,7 +40,7 @@ resolveSecurityHubPreviousFails(){
 PREVIOUS_DATE=$(get_iso8601_hundred_days_ago)
 FILTER="{\"UpdatedAt\":[{\"Start\":\"$PREVIOUS_DATE\",\"End\":\"$TIMESTAMP\"}],\"GeneratorId\":[{\"Value\": \"prowler-$check\",\"Comparison\":\"PREFIX\"}],\"ComplianceStatus\":[{\"Value\": \"FAILED\",\"Comparison\":\"EQUALS\"}]}"
- SECURITY_HUB_PREVIOUS_FINDINGS=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT get-findings --filters "${FILTER}" | jq -c --arg updated_at $NEW_TIMESTAMP '[ .Findings[] | .Compliance = {"Status":"PASSED"} | .UpdatedAt = $updated_at ]')
+ SECURITY_HUB_PREVIOUS_FINDINGS=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT get-findings --filters "${FILTER}" | jq -c --arg updated_at $NEW_TIMESTAMP '[ .Findings[] | .RecordState="ARCHIVED" | .UpdatedAt = $updated_at ]')
 if [[ $SECURITY_HUB_PREVIOUS_FINDINGS != "[]" ]]; then
 BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT batch-import-findings --findings "${SECURITY_HUB_PREVIOUS_FINDINGS}")
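Review bot: The `FILTER` built just above the changed `get-findings` line still selects only on `ComplianceStatus` FAILED, so, as far as the visible lines show, findings that are archived instead of set to PASSED keep matching it on every later run and are re-imported with a fresh `UpdatedAt`, which also keeps them inside the hundred-day window. Restricting the query to active records avoids that: append `,\"RecordState\":[{\"Value\":\"ACTIVE\",\"Comparison\":\"EQUALS\"}]` inside the filter object. `$NEW_TIMESTAMP` is also unquoted in `--arg updated_at $NEW_TIMESTAMP`; if it were ever empty, jq would take the filter program as the argument value, so `--arg updated_at "$NEW_TIMESTAMP"` is safer. The function and its `for` loop begin in the previous hunk and end outside this one, so how `BATCH_IMPORT_RESULT` is checked afterwards is not visible here.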