fix(securityhub): findings not being imported or archived in non-aws partitions (#3040)

Co-authored-by: Pepe Fagoaga <pepe@verica.io>
2026-02-10 14:55:00 +00:00 · 2023-11-16 02:27:28 -08:00
parent 19c2dccc6d
commit 9205ef30f8
4 changed files with 9 additions and 3 deletions
--- a/prowler/main.py
+++ b/prowler/main.py
@@ -247,7 +247,10 @@ def prowler():
        for region in security_hub_regions:
            # Save the regions where AWS Security Hub is enabled
            if verify_security_hub_integration_enabled_per_region(
-                region, audit_info.audit_session, audit_info.audited_account
+                audit_info.audited_partition,
+                region,
+                audit_info.audit_session,
+                audit_info.audited_account,
            ):
                aws_security_enabled_regions.append(region)

--- a/prowler/providers/aws/lib/security_hub/security_hub.py
+++ b/prowler/providers/aws/lib/security_hub/security_hub.py
@@ -49,6 +49,7 @@ def prepare_security_hub_findings(


 def verify_security_hub_integration_enabled_per_region(
+    partition: str,
    region: str,
    session: session.Session,
    aws_account_number: str,
@@ -65,7 +66,7 @@ def verify_security_hub_integration_enabled_per_region(
        security_hub_client.describe_hub()

        # Check if Prowler integration is enabled in Security Hub
-        security_hub_prowler_integration_arn = f"arn:aws:securityhub:{region}:{aws_account_number}:product-subscription/{SECURITY_HUB_INTEGRATION_NAME}"
+        security_hub_prowler_integration_arn = f"arn:{partition}:securityhub:{region}:{aws_account_number}:product-subscription/{SECURITY_HUB_INTEGRATION_NAME}"
        if security_hub_prowler_integration_arn not in str(
            security_hub_client.list_enabled_products_for_import()
        ):
--- a/tests/providers/aws/audit_info_utils.py
+++ b/tests/providers/aws/audit_info_utils.py
@@ -9,6 +9,7 @@ AWS_REGION_EU_WEST_2 = "eu-west-2"
 AWS_PARTITION = "aws"
 AWS_ACCOUNT_NUMBER = "123456789012"
 AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
+AWS_COMMERCIAL_PARTITION = "aws"


 # Mocked AWS Audit Info
--- a/tests/providers/aws/lib/security_hub/security_hub_test.py
+++ b/tests/providers/aws/lib/security_hub/security_hub_test.py
@@ -15,6 +15,7 @@ from prowler.providers.aws.lib.security_hub.security_hub import (
 )
 from tests.providers.aws.audit_info_utils import (
    AWS_ACCOUNT_NUMBER,
+    AWS_COMMERCIAL_PARTITION,
    AWS_REGION_EU_WEST_1,
    AWS_REGION_EU_WEST_2,
    set_mocked_aws_audit_info,
@@ -80,7 +81,7 @@ class Test_SecurityHub:
    def test_verify_security_hub_integration_enabled_per_region(self):
        session = self.set_mocked_session(AWS_REGION_EU_WEST_1)
        assert verify_security_hub_integration_enabled_per_region(
-            AWS_REGION_EU_WEST_1, session, AWS_ACCOUNT_NUMBER
+            AWS_COMMERCIAL_PARTITION, AWS_REGION_EU_WEST_1, session, AWS_ACCOUNT_NUMBER
        )

    def test_prepare_security_hub_findings_enabled_region_not_quiet(self):