diff --git a/include/csv_header b/include/csv_header index 2c4c81fc..7a867815 100644 --- a/include/csv_header +++ b/include/csv_header @@ -13,7 +13,8 @@ printCsvHeader() { - >&2 echo "" - >&2 echo "Generating \"${SEP}\" delimited report on stdout for profile $PROFILE, account $ACCOUNT_NUM" - echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}RESULT${SEP}SCORED${SEP}LEVEL${SEP}TITLE_TEXT${SEP}NOTES${SEP}COMPLIANCE${SEP}SEVERITY${SEP}SERVICENAME" | tee -a $OUTPUT_FILE_NAME.$EXTENSION_CSV + # >&2 echo "" + # >&2 echo "Generating \"${SEP}\" delimited report on stdout for profile $PROFILE, account $ACCOUNT_NUM" + echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}CHECK_RESULT${SEP}ITEM_SCORED${SEP}ITEM_LEVEL${SEP}TITLE_TEXT${SEP}CHECK_RESULT_EXTENDED${SEP}CHECK_ASFF_COMPLIANCE_TYPE${SEP}CHECK_SEVERITY${SEP}CHECK_SERVICENAME${SEP}CHECK_ASFF_RESOURCE_TYPE${SEP}CHECK_ASFF_TYPE${SEP}CHECK_RISK${SEP}CHECK_REMEDIATION${SEP}CHECK_DOC${SEP}CHECK_CAF_EPIC" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV + # echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}RESULT${SEP}SCORED${SEP}LEVEL${SEP}TITLE_TEXT${SEP}NOTES${SEP}COMPLIANCE${SEP}SEVERITY${SEP}SERVICENAME" | tee -a $OUTPUT_FILE_NAME.$EXTENSION_CSV } diff --git a/include/outputs b/include/outputs index 18342128..d9d4fb1c 100644 --- a/include/outputs +++ b/include/outputs 
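Review bot: printCsvHeader (include/csv_header) now keeps the three replaced lines as comments, including the whole old header row; they should be deleted, since the history already records them. The header also renames existing columns (`RESULT` to `CHECK_RESULT`, `NOTES` to `CHECK_RESULT_EXTENDED`, `COMPLIANCE` to `CHECK_ASFF_COMPLIANCE_TYPE`, and others) and adds six, so any consumer that selects columns by name or position will stop matching without an error. A one-line comment above the `echo`, such as `# CSV schema changed in v2.4: columns renamed and six added`, would make that explicit. The `tee -a` target is also unquoted and would split on an output path containing spaces; `"${OUTPUT_FILE_NAME}.${EXTENSION_CSV}"` avoids that.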
@@ -19,13 +19,35 @@ EXTENSION_ASFF="asff-json" EXTENSION_TEXT="txt" EXTENSION_HTML="html" OUTPUT_DATE=$(date -u +"%Y%m%d%H%M%S") -OUTPUT_DIR="${PROWLER_DIR}/output" +OUTPUT_DIR="${PROWLER_DIR}/output" # default output if none OUTPUT_FILE_NAME="${OUTPUT_DIR}/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}" HTML_LOGO_URL="https://github.com/toniblyx/prowler/" -HTML_LOGO_IMG="https://raw.githubusercontent.com/toniblyx/prowler/master/util/html/prowler-logo.png" +#HTML_LOGO_IMG="https://raw.githubusercontent.com/toniblyx/prowler/master/util/html/prowler-logo.png" +HTML_LOGO_IMG="https://github.com/toniblyx/prowler/raw/2.4/util/html/prowler-logo-new.png" TIMESTAMP=$(get_iso8601_timestamp) PROWLER_PARAMETERS=$@ +# Available parameters for outputs formats (implemented this in CSV from v2.4): + +# $PROFILE profile used to run Prowler (--profile in AWS CLI) +# $ACCOUNT_NUM AWS Account ID +# $REPREGION AWS region scanned +# $TITLE_ID Numeric identifier of each check (1.2, 2.3, etc), originally based on CIS checks. +# $CHECK_RESULT values can be PASS, FAIL, INFO or WARNING if whitelisted +# $ITEM_SCORED corresponds to CHECK_SCORED, values can be Scored/Not Scored. This is CIS only, will be deprecated in Prowler. +# $ITEM_LEVEL corresponds to CHECK_TYPE_ currently only for CIS Level 1, CIS Level 2 and Extras (all checks not part of CIS) +# $TITLE_TEXT corresponds to CHECK_TITLE_ shows title of each check +# $CHECK_RESULT_EXTENDED shows response of each check per resource like sg-123438 is open! 
+# $CHECK_ASFF_COMPLIANCE_TYPE specify type from taxonomy https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html +# $CHECK_SEVERITY severity Low, Medium, High, Critical +# $CHECK_SERVICENAME AWS service name short name +# $CHECK_ASFF_RESOURCE_TYPE values from https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html#asff-resources +# $CHECK_ASFF_TYPE generic type from taxonomy here https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html +# $CHECK_RISK text about risk +# $CHECK_REMEDIATION text about remediation +# $CHECK_DOC link to related documentation +# $CHECK_CAF_EPIC it can be Logging and Monitoring, IAM, Data Protection, Infrastructure Security. Incident Response is not included since CAF has not specific checks on it logs enablement are part of Logging and Monitoring. + # Ensure that output directory always exists when -M is used if [[ $MODE ]];then mkdir -p "${OUTPUT_DIR}" @@ -40,6 +62,9 @@ if [[ $PROFILE == "" ]];then fi textPass(){ + CHECK_RESULT="PASS" + CHECK_RESULT_EXTENDED="$1" + if [[ "$QUIET" == 1 ]]; then return fi 
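Review bot: The new `HTML_LOGO_IMG` value in include/outputs points at a branch ref (`.../raw/2.4/...`), so the image the HTML report loads, presumably as an image source, can change after a report is produced, and opening a report makes a request to github.com from the reader's machine. For an audit report that may be read on restricted networks I would ship the logo next to the report, or at least pin the URL to a commit, e.g. `HTML_LOGO_IMG="https://github.com/toniblyx/prowler/raw/<COMMIT_SHA>/util/html/prowler-logo-new.png"`, and drop the commented-out old URL. In the added parameter list, `$REPREGION` is described but the CSV header names that column `REGION`; saying so in the comment would help readers map one to the other.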
@@ -51,7 +76,7 @@ textPass(){ REPREGION=$REGION fi if [[ "${MODES[@]}" =~ "csv" ]]; then - echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}PASS${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$1${SEP}$ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV + echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV fi if [[ "${MODES[@]}" =~ "json" ]]; then generateJsonOutput "$1" "Pass" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_JSON @@ -78,6 +103,9 @@ textPass(){ } textInfo(){ + CHECK_RESULT="INFO" + CHECK_RESULT_EXTENDED="$1" + if [[ "$QUIET" == 1 ]]; then return fi @@ -88,7 +116,7 @@ textInfo(){ REPREGION=$REGION fi if [[ "${MODES[@]}" =~ "csv" ]]; then - echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}INFO${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$1${SEP}$ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_CSV} + echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV fi if [[ "${MODES[@]}" =~ "json" ]]; then generateJsonOutput "$1" "Info" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON} 
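Review bot: The CSV row in textPass joins free-text fields (`$CHECK_RESULT_EXTENDED` and the new `$CHECK_RISK`, `$CHECK_REMEDIATION`, `$CHECK_DOC`) with `${SEP}` without any quoting, so a value containing the separator or a newline shifts every later column, and a value starting with `=`, `+`, `-` or `@` is treated as a formula when the report is opened in a spreadsheet. `$CHECK_RESULT_EXTENDED` carries per-resource text, presumably including names chosen by whoever created the resource, so this is more than a formatting issue. The same row is built in the textInfo hunk and in the textFail hunk. I would build the row through a quoting helper and quote the `tee` target, as sketched below; the helper quotes every field, which consumers that split on `${SEP}` naively would need to handle. textPass starts and ends outside this hunk.

```shell
# Quote one CSV field: neutralise a leading formula character,
# double embedded quotes, wrap in double quotes.
csv_field() {
  local v=$1
  case "$v" in
    [=+@-]*) v="'${v}" ;;
  esac
  v=${v//\"/\"\"}
  printf '"%s"' "$v"
}

# Join all arguments into one CSV row using ${SEP}.
csv_row() {
  local row='' f
  for f in "$@"; do
    row+="${row:+${SEP}}$(csv_field "$f")"
  done
  printf '%s\n' "$row"
}

# … unchanged: REPREGION selection …
  if [[ "${MODES[@]}" =~ "csv" ]]; then
    csv_row "$PROFILE" "$ACCOUNT_NUM" "$REPREGION" "$TITLE_ID" \
      "$CHECK_RESULT" "$ITEM_SCORED" "$ITEM_LEVEL" "$TITLE_TEXT" \
      "$CHECK_RESULT_EXTENDED" "$CHECK_ASFF_COMPLIANCE_TYPE" \
      "$CHECK_SEVERITY" "$CHECK_SERVICENAME" "$CHECK_ASFF_RESOURCE_TYPE" \
      "$CHECK_ASFF_TYPE" "$CHECK_RISK" "$CHECK_REMEDIATION" \
      "$CHECK_DOC" "$CHECK_CAF_EPIC" \
      | tee -a "${OUTPUT_FILE_NAME}.${EXTENSION_CSV}"
```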
@@ -133,6 +161,9 @@ textFail(){ EXITCODE=3 fi + CHECK_RESULT=$level + CHECK_RESULT_EXTENDED="$1" + if [[ $2 ]]; then REPREGION=$2 else @@ -140,7 +171,7 @@ textFail(){ fi if [[ "${MODES[@]}" =~ "csv" ]]; then - echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}${level}${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$1${SEP}$ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_CSV} + echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV fi if [[ "${MODES[@]}" =~ "json" ]]; then generateJsonOutput "$1" "${level}" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON} @@ -206,7 +237,7 @@ textTitle(){ fi if [[ "${MODES[@]}" =~ "csv" ]]; then - >&2 echo "$TITLE_ID $TITLE_TEXT" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_CSV} + >&2 echo "$TITLE_ID $TITLE_TEXT" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_CSV} elif [[ "${MODES[@]}" =~ "json" || "${MODES[@]}" =~ "json-asff" ]]; then : else @@ -232,7 +263,7 @@ generateJsonOutput(){ --arg ITEM_LEVEL "$ITEM_LEVEL" \ --arg TITLE_ID "$TITLE_ID" \ --arg REPREGION "$REPREGION" \ - --arg TYPE "$ASFF_COMPLIANCE_TYPE" \ + --arg TYPE "$CHECK_ASFF_COMPLIANCE_TYPE" \ --arg TIMESTAMP "$(get_iso8601_timestamp)" \ --arg SERVICENAME "$CHECK_SERVICENAME" \ -n '{ 
@@ -270,8 +301,8 @@ generateJsonAsffOutput(){ --arg SEVERITY "$(echo $CHECK_SEVERITY| awk '{ print toupper($0) }')" \ --arg TITLE_ID "$TITLE_ID" \ --arg CHECK_ID "$CHECK_ID" \ - --arg TYPE "$ASFF_COMPLIANCE_TYPE" \ - --arg COMPLIANCE_RELATED_REQUIREMENTS "$ASFF_COMPLIANCE_TYPE" \ + --arg TYPE "$CHECK_ASFF_COMPLIANCE_TYPE" \ + --arg COMPLIANCE_RELATED_REQUIREMENTS "$CHECK_ASFF_COMPLIANCE_TYPE" \ --arg RESOURCE_TYPE "$ASFF_RESOURCE_TYPE" \ --arg REPREGION "$REPREGION" \ --arg TIMESTAMP "$(get_iso8601_timestamp)" \ @@ -324,11 +355,15 @@ generateHtmlOutput(){ echo '
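Review bot: In generateJsonAsffOutput, the unchanged line `--arg RESOURCE_TYPE "$ASFF_RESOURCE_TYPE" \` still reads the old variable name, while this commit renames `ASFF_COMPLIANCE_TYPE` to `CHECK_ASFF_COMPLIANCE_TYPE` and the CSV rows now print `$CHECK_ASFF_RESOURCE_TYPE`. If the checks were updated to set `CHECK_ASFF_RESOURCE_TYPE` (not visible here), ASFF findings would carry an empty resource type; if they were not, the new CSV column stays empty. One of the two names should change, e.g. `--arg RESOURCE_TYPE "$CHECK_ASFF_RESOURCE_TYPE" \`. The function body continues outside the hunk.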
'$CHECK_RISK'
'$CHECK_REMEDIATION'
'$CHECK_RISK'
'$CHECK_REMEDIATION'
'$CHECK_RISK'
'$CHECK_REMEDIATION'
'$CHECK_RISK'
'$CHECK_REMEDIATION'