From 6e6dacbace5ec2659e4194a61c85a33fba03f85d Mon Sep 17 00:00:00 2001
From: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
Date: Mon, 20 Feb 2023 09:58:00 +0100
Subject: [PATCH] chore(security hub): add --skip-sh-update (#1911)
---
 docs/tutorials/aws/securityhub.md | 9 +++++++++
 prowler/__main__.py | 2 +-
 prowler/lib/cli/parser.py | 5 +++++
 tests/lib/cli/parser_test.py | 6 ++++++
 4 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/docs/tutorials/aws/securityhub.md b/docs/tutorials/aws/securityhub.md
index 379157a5..9d225d6c 100644
--- a/docs/tutorials/aws/securityhub.md
+++ b/docs/tutorials/aws/securityhub.md
@@ -36,3 +36,12 @@ or for only one filtered region like eu-west-1:
 Once you run findings for first time you will be able to see Prowler findings in Findings section:
 ![Screenshot 2020-10-29 at 10 29 05 PM](https://user-images.githubusercontent.com/3985464/97634676-66c9f600-1a36-11eb-9341-70feb06f6331.png)
+
+## Skip sending updates of findings to Security Hub
+
+By default, Prowler archives all its findings in Security Hub that have not appeared in the last scan.
+You can skip this logic by using the option `--skip-sh-update` so Prowler will not archive older findings:
+
+```sh
+./prowler -S --skip-sh-update
+```
diff --git a/prowler/__main__.py b/prowler/__main__.py
index bb46dc6d..1e69044f 100644
--- a/prowler/__main__.py
+++ b/prowler/__main__.py
@@ -203,7 +203,7 @@ def prowler():
 )
 # Resolve previous fails of Security Hub
- if provider == "aws" and args.security_hub:
+ if provider == "aws" and args.security_hub and not args.skip_sh_update:
 resolve_security_hub_previous_findings(args.output_directory, audit_info)
 # Display summary table
diff --git a/prowler/lib/cli/parser.py b/prowler/lib/cli/parser.py
index d4630a72..4e1ff059 100644
--- a/prowler/lib/cli/parser.py
+++ b/prowler/lib/cli/parser.py
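Review bot: In prowler/__main__.py the new `and not args.skip_sh_update` clause drops the archive step silently; nothing in the run records that `resolve_security_hub_previous_findings` was not called. Going by the documentation added in this same patch, findings that did not reappear in the scan then stay un-archived in Security Hub, so whoever triages there should be able to tell from the run's log that stale entries are expected. I would change the comment above the condition to `# Archive Security Hub findings not seen in this scan, unless --skip-sh-update is set` and emit one informational log line when the flag suppresses the call, using whatever logger this module already has (not visible in the hunk). The body of `prowler()` starts and ends outside the hunk.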
@@ -316,6 +316,11 @@ Detailed documentation at https://docs.prowler.cloud
 action="store_true",
 help="Send check output to AWS Security Hub",
 )
+ aws_security_hub_subparser.add_argument(
+ "--skip-sh-update",
+ action="store_true",
+ help="Skip updating previous findings of Prowler in Security Hub",
+ )
 # AWS Quick Inventory
 aws_quick_inventory_subparser = aws_parser.add_argument_group("Quick Inventory")
 aws_quick_inventory_subparser.add_argument(
diff --git a/tests/lib/cli/parser_test.py b/tests/lib/cli/parser_test.py
index 1dc1c599..a2f49bd8 100644
--- a/tests/lib/cli/parser_test.py
+++ b/tests/lib/cli/parser_test.py
@@ -738,6 +738,12 @@ class Test_Parser:
 parsed = self.parser.parse(command)
 assert parsed.security_hub
+ def test_aws_parser_skip_sh_update(self):
+ argument = "--skip-sh-update"
+ command = [prowler_command, argument]
+ parsed = self.parser.parse(command)
+ assert parsed.skip_sh_update
+
 def test_aws_parser_quick_inventory_short(self):
 argument = "-i"
 command = [prowler_command, argument]
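Review bot: `--skip-sh-update` in prowler/lib/cli/parser.py is accepted on its own, but the condition changed in prowler/__main__.py only consults it when `args.security_hub` is set, so without `-S` the flag is a silent no-op and the help text does not say so. The help string also says "updating", while the documentation in this patch describes the skipped step as archiving findings absent from the last scan. I would word it as `help="Do not archive Prowler findings in Security Hub that did not appear in this scan (only used together with -S)",` and consider rejecting the flag at parse time when `-S` is absent. The function that builds this argument group starts and ends outside the hunk.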
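Review bot: `test_aws_parser_skip_sh_update` in tests/lib/cli/parser_test.py only covers the flag being present; nothing pins the default, which is what keeps the archive step enabled for existing users. A companion test that parses a command without the flag and ends with `assert not parsed.skip_sh_update` would catch an accidental change of that default. The changed condition in prowler/__main__.py has no test in this patch either. `Test_Parser` starts outside the hunk.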