Import Security Hub finding into the same region as the related resource

Force the batch-import-findings AWS CLI call to be directed at the region the currently reporting resource is located in, as Security Hub enforces this requirement

When checking that Security Hub is enabled, check every region that is in scope, i.e. all regions unless '-f <region>' is used

Fixes #618
This commit is contained in:
Marc Jay
2020-06-05 12:55:53 +01:00
parent 26665a4645
commit 4dac3aab55
2 changed files with 17 additions and 12 deletions


@@ -14,21 +14,26 @@
# Checks that the correct mode (json-asff) has been specified if wanting to send check output to AWS Security Hub
# and that Security Hub is enabled in the chosen region
checkSecurityHubCompatibility(){
local regx
if [[ "${MODE}" != "json-asff" ]]; then
echo -e "\n$RED ERROR!$NORMAL Output can only be sent to Security Hub when the output mode is json-asff, i.e. -M json-asff -S\n"
EXITCODE=1
exit $EXITCODE
fi
SECURITY_HUB_ENABLED=$($AWSCLI securityhub --region $REGION $PROFILE_OPT describe-hub)
if [[ -z "${SECURITY_HUB_ENABLED}" ]]; then
echo -e "\n$RED ERROR!$NORMAL Security Hub is not enabled in $REGION. Enable it by calling '$AWSCLI securityhub --region $REGION $PROFILE_OPT enable-security-hub'\n"
EXITCODE=1
exit $EXITCODE
fi
for regx in $REGIONS; do
SECURITY_HUB_ENABLED=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT describe-hub)
if [[ -z "${SECURITY_HUB_ENABLED}" ]]; then
echo -e "\n$RED ERROR!$NORMAL Security Hub is not enabled in $regx. Enable it by calling '$AWSCLI securityhub --region $regx $PROFILE_OPT enable-security-hub'\n"
EXITCODE=1
exit $EXITCODE
fi
done
}
sendToSecurityHub(){
BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region $REGION $PROFILE_OPT batch-import-findings --findings "$1")
local findings="$1"
local region="$2"
BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region "$region" $PROFILE_OPT batch-import-findings --findings "${findings}")
# A successful CLI response is: {"SuccessCount": 1,"FailedFindings": [],"FailedCount": 0}
# Therefore, check that SuccessCount is indeed 1
if [[ -z "${BATCH_IMPORT_RESULT}" ]] || ! jq -e '.SuccessCount == 1' <<< "${BATCH_IMPORT_RESULT}" > /dev/null 2>&1; then