Security Hub: Mark as ARCHIVED + fix race condition @xeroxnir

Security Hub: Mark as ARCHIVED + fix race condition @xeroxnir
This commit is contained in:
Toni de la Fuente
2020-09-18 15:19:12 +02:00
committed by GitHub
3 changed files with 21 additions and 5 deletions


@@ -104,6 +104,10 @@ gnu_get_iso8601_timestamp() {
"$DATE_CMD" -u +"%Y-%m-%dT%H:%M:%SZ"
}
gsu_get_iso8601_one_minute_ago() {
"$DATE_CMD" -d "1 minute ago" -u +"%Y-%m-%dT%H:%M:%SZ"
}
gsu_get_iso8601_hundred_days_ago() {
"$DATE_CMD" -d "100 days ago" -u +"%Y-%m-%dT%H:%M:%SZ"
}
@@ -116,6 +120,10 @@ bsd_get_iso8601_hundred_days_ago() {
"$DATE_CMD" -v-100d -u +"%Y-%m-%dT%H:%M:%SZ"
}
bsd_get_iso8601_one_minute_ago() {
"$DATE_CMD" -v-1m -u +"%Y-%m-%dT%H:%M:%SZ"
}
gnu_test_tcp_connectivity() {
HOST=$1
PORT=$2
@@ -159,6 +167,9 @@ if [ "$OSTYPE" == "linux-gnu" ] || [ "$OSTYPE" == "linux-musl" ]; then
get_iso8601_timestamp() {
gnu_get_iso8601_timestamp
}
get_iso8601_one_minute_ago() {
gsu_get_iso8601_one_minute_ago
}
get_iso8601_hundred_days_ago() {
gsu_get_iso8601_hundred_days_ago
}
@@ -219,6 +230,9 @@ elif [[ "$OSTYPE" == "darwin"* ]]; then
get_iso8601_timestamp() {
bsd_get_iso8601_timestamp
}
get_iso8601_one_minute_ago() {
bsd_get_iso8601_one_minute_ago
}
get_iso8601_hundred_days_ago() {
bsd_get_iso8601_hundred_days_ago
}
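Review bot: `bsd_get_iso8601_one_minute_ago` in the second hunk passes `-v-1m` to BSD date, which subtracts one month, not one minute — in BSD/macOS date's `-v` syntax the minute unit is uppercase `M`, so on darwin the "one minute ago" timestamp is really a month old. The line should read `"$DATE_CMD" -v-1M -u +"%Y-%m-%dT%H:%M:%SZ"`; the GNU counterpart with `-d "1 minute ago"` is correct. Any caller that uses this value as the end of a time window will silently drop the last month of records on macOS, which defeats the narrow window this commit introduces. Separately, the new GNU helper copies the `gsu_` prefix of its neighbour `gsu_get_iso8601_hundred_days_ago` rather than the `gnu_` prefix used by `gnu_get_iso8601_timestamp` and `gnu_test_tcp_connectivity`; if `gsu_` is an old typo, adding a second function with it makes it harder to fix later.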


@@ -276,6 +276,7 @@ generateJsonAsffOutput(){
"SchemaVersion": "2018-10-08",
"Id": "prowler-\($TITLE_ID)-\($ACCOUNT_NUM)-\($REPREGION)-\($UNIQUE_ID)",
"ProductArn": "arn:\($AWS_PARTITION):securityhub:\($REPREGION):\($ACCOUNT_NUM):product/\($ACCOUNT_NUM)/default",
"RecordState": "ACTIVE"
"ProductFields": {
"ProviderName": "Prowler",
"ProviderVersion": $PROWLER_VERSION
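Review bot: The added `"RecordState": "ACTIVE"` line is followed directly by `"ProductFields": {` with no separating comma, while the neighbouring `"Id"` and `"ProductArn"` lines end in one; if the page reflects the file, this object template (the `\(...)` interpolation on the Id line shows it is a jq template, not literal JSON) will fail to parse and ASFF output would break for every finding. The line should read `"RecordState": "ACTIVE",`. The enclosing generateJsonAsffOutput function starts before and ends after this hunk, so the rest of the template cannot be checked here.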


@@ -31,16 +31,17 @@ checkSecurityHubCompatibility(){
}
resolveSecurityHubPreviousFails(){
# Move previous check findings to Workflow to PASSED (as prowler didn't re-detect them)
# Move previous check findings RecordState to ARCHIVED (as prowler didn't re-detect them)
for regx in $REGIONS; do
local check="$1"
OLD_TIMESTAMP=$(get_iso8601_one_minute_ago)
NEW_TIMESTAMP=$(get_iso8601_timestamp)
PREVIOUS_DATE=$(get_iso8601_hundred_days_ago)
FILTER="{\"UpdatedAt\":[{\"Start\":\"$PREVIOUS_DATE\",\"End\":\"$TIMESTAMP\"}],\"GeneratorId\":[{\"Value\": \"prowler-$check\",\"Comparison\":\"PREFIX\"}],\"ComplianceStatus\":[{\"Value\": \"FAILED\",\"Comparison\":\"EQUALS\"}]}"
SECURITY_HUB_PREVIOUS_FINDINGS=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT get-findings --filters "${FILTER}" | jq -c --arg updated_at $NEW_TIMESTAMP '[ .Findings[] | .Compliance = {"Status":"PASSED"} | .UpdatedAt = $updated_at ]')
FILTER="{\"UpdatedAt\":[{\"Start\":\"$PREVIOUS_DATE\",\"End\":\"$OLD_TIMESTAMP\"}],\"GeneratorId\":[{\"Value\": \"prowler-$check\",\"Comparison\":\"PREFIX\"}],\"ComplianceStatus\":[{\"Value\": \"FAILED\",\"Comparison\":\"EQUALS\"}]}"
SECURITY_HUB_PREVIOUS_FINDINGS=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT get-findings --filters "${FILTER}" | jq -c --arg updated_at $NEW_TIMESTAMP '[ .Findings[] | .RecordState = "ARCHIVED" | .UpdatedAt = $updated_at ]')
if [[ $SECURITY_HUB_PREVIOUS_FINDINGS != "[]" ]]; then
BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT batch-import-findings --findings "${SECURITY_HUB_PREVIOUS_FINDINGS}")