fix(securityhub): findings not being imported or archived in non-aws partitions (#3040)

Co-authored-by: Pepe Fagoaga <pepe@verica.io>
This commit is contained in:
Johnny Lu
2023-11-16 02:27:28 -08:00
committed by GitHub
parent 19c2dccc6d
commit 9205ef30f8
4 changed files with 9 additions and 3 deletions


@@ -247,7 +247,10 @@ def prowler():
for region in security_hub_regions: for region in security_hub_regions:
# Save the regions where AWS Security Hub is enabled # Save the regions where AWS Security Hub is enabled
if verify_security_hub_integration_enabled_per_region( if verify_security_hub_integration_enabled_per_region(
region, audit_info.audit_session, audit_info.audited_account audit_info.audited_partition,
region,
audit_info.audit_session,
audit_info.audited_account,
): ):
aws_security_enabled_regions.append(region) aws_security_enabled_regions.append(region)


@@ -49,6 +49,7 @@ def prepare_security_hub_findings(
def verify_security_hub_integration_enabled_per_region( def verify_security_hub_integration_enabled_per_region(
partition: str,
region: str, region: str,
session: session.Session, session: session.Session,
aws_account_number: str, aws_account_number: str,
@@ -65,7 +66,7 @@ def verify_security_hub_integration_enabled_per_region(
security_hub_client.describe_hub() security_hub_client.describe_hub()
# Check if Prowler integration is enabled in Security Hub # Check if Prowler integration is enabled in Security Hub
security_hub_prowler_integration_arn = f"arn:aws:securityhub:{region}:{aws_account_number}:product-subscription/{SECURITY_HUB_INTEGRATION_NAME}" security_hub_prowler_integration_arn = f"arn:{partition}:securityhub:{region}:{aws_account_number}:product-subscription/{SECURITY_HUB_INTEGRATION_NAME}"
if security_hub_prowler_integration_arn not in str( if security_hub_prowler_integration_arn not in str(
security_hub_client.list_enabled_products_for_import() security_hub_client.list_enabled_products_for_import()
): ):
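Review bot: The new `partition` value is interpolated into the product-subscription ARN on the `security_hub_prowler_integration_arn = f"arn:{partition}:securityhub:..."` line without any check, so an empty or None `audited_partition` produces `arn:None:securityhub:...` and the `not in str(...)` comparison quietly reports the integration as disabled instead of surfacing a misconfiguration; a guard near the top of the function such as `if not partition: raise ValueError("partition must be set")` would make that visible (the function body starts and ends outside the hunk, so how it currently returns or logs on failure is not visible here). The `partition: str` parameter added in the signature hunk above is also undocumented; a docstring line like `partition: AWS partition of the audited account (e.g. "aws", "aws-cn", "aws-us-gov"), used to build the product-subscription ARN` would help callers. Independently of this change, matching the ARN as a substring of `str()` of the whole API response is looser than checking membership in the `ProductSubscriptions` list that `list_enabled_products_for_import` returns, and it ignores pagination via `NextToken`.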


@@ -9,6 +9,7 @@ AWS_REGION_EU_WEST_2 = "eu-west-2"
AWS_PARTITION = "aws" AWS_PARTITION = "aws"
AWS_ACCOUNT_NUMBER = "123456789012" AWS_ACCOUNT_NUMBER = "123456789012"
AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
AWS_COMMERCIAL_PARTITION = "aws"
# Mocked AWS Audit Info # Mocked AWS Audit Info
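Review bot: `AWS_COMMERCIAL_PARTITION = "aws"` duplicates the `AWS_PARTITION = "aws"` constant defined two lines above, so the two values can drift apart; define it as an alias, `AWS_COMMERCIAL_PARTITION = AWS_PARTITION`, or reuse the existing name in the test. Since the fix targets non-commercial partitions, adding constants for those next to it (for example `AWS_GOV_CLOUD_PARTITION = "aws-us-gov"` and `AWS_CHINA_PARTITION = "aws-cn"`, names constructed here) would let the tests exercise the changed ARN construction rather than only the case that already worked.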


@@ -15,6 +15,7 @@ from prowler.providers.aws.lib.security_hub.security_hub import (
) )
from tests.providers.aws.audit_info_utils import ( from tests.providers.aws.audit_info_utils import (
AWS_ACCOUNT_NUMBER, AWS_ACCOUNT_NUMBER,
AWS_COMMERCIAL_PARTITION,
AWS_REGION_EU_WEST_1, AWS_REGION_EU_WEST_1,
AWS_REGION_EU_WEST_2, AWS_REGION_EU_WEST_2,
set_mocked_aws_audit_info, set_mocked_aws_audit_info,
@@ -80,7 +81,7 @@ class Test_SecurityHub:
def test_verify_security_hub_integration_enabled_per_region(self): def test_verify_security_hub_integration_enabled_per_region(self):
session = self.set_mocked_session(AWS_REGION_EU_WEST_1) session = self.set_mocked_session(AWS_REGION_EU_WEST_1)
assert verify_security_hub_integration_enabled_per_region( assert verify_security_hub_integration_enabled_per_region(
AWS_REGION_EU_WEST_1, session, AWS_ACCOUNT_NUMBER AWS_COMMERCIAL_PARTITION, AWS_REGION_EU_WEST_1, session, AWS_ACCOUNT_NUMBER
) )
def test_prepare_security_hub_findings_enabled_region_not_quiet(self): def test_prepare_security_hub_findings_enabled_region_not_quiet(self):
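Review bot: `test_verify_security_hub_integration_enabled_per_region` still only passes `AWS_COMMERCIAL_PARTITION`, which is the value that worked before this fix, so the regression the commit addresses (findings not imported in non-aws partitions) has no test covering it. Parametrizing the test over the partition, as sketched below, would exercise the new `arn:{partition}:securityhub:...` construction; this presumes the mocked `list_enabled_products_for_import` response built in `set_mocked_session` (outside the hunk) can be made to return an ARN in the same partition, and that `pytest` is already imported in this file. The enclosing `Test_SecurityHub` class continues outside the hunk.
```python
@pytest.mark.parametrize(
    "partition", [AWS_COMMERCIAL_PARTITION, "aws-us-gov", "aws-cn"]
)
def test_verify_security_hub_integration_enabled_per_region(self, partition):
    session = self.set_mocked_session(AWS_REGION_EU_WEST_1)
    assert verify_security_hub_integration_enabled_per_region(
        partition, AWS_REGION_EU_WEST_1, session, AWS_ACCOUNT_NUMBER
    )
```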