From f9d67f0e9d391c4a1e239be517ba0f67d8503c25 Mon Sep 17 00:00:00 2001 From: Sergio Garcia <38561120+sergargar@users.noreply.github.com> Date: Mon, 9 Jan 2023 14:18:12 +0100 Subject: [PATCH] fix(compliance): Security Hub working with compliance (#1673) Co-authored-by: sergargar --- prowler/lib/outputs/compliance.py | 92 ++++++++++++++++--------------- 1 file changed, 49 insertions(+), 43 deletions(-) diff --git a/prowler/lib/outputs/compliance.py b/prowler/lib/outputs/compliance.py index 50ea4fda..45a67967 100644 --- a/prowler/lib/outputs/compliance.py +++ b/prowler/lib/outputs/compliance.py @@ -18,13 +18,14 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors): check_compliance = output_options.bulk_checks_metadata[ finding.check_metadata.CheckID ].Compliance - csv_header = compliance_row = None + csv_header = compliance_row = compliance_output = None for compliance in check_compliance: if ( compliance.Framework == "ENS" and compliance.Version == "RD2022" and "ens_rd2022_aws" in output_options.output_modes ): + compliance_output = "ens_rd2022_aws" for requirement in compliance.Requirements: requirement_description = requirement.Description requirement_id = requirement.Id 
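Review bot: `csv_header = compliance_row = compliance_output = None` is set once before `for compliance in check_compliance:` and never reset, so values from one framework can carry over into the next iteration. After this commit a CIS-AWS entry whose version was not selected assigns nothing, leaving the previous framework's row and target in place. Indentation is lost in this view, so it is unclear whether the `if compliance_row:` write runs per iteration; if it does, the earlier row would be written a second time, which misstates the compliance evidence. In that case, reset the three names as the first statement of the loop body. `fill_compliance` starts and ends outside this hunk.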
@@ -60,52 +61,57 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors): elif compliance.Framework == "CIS-AWS" and "cis" in str( output_options.output_modes ): - for requirement in compliance.Requirements: - requirement_description = requirement.Description - requirement_id = requirement.Id - for attribute in requirement.Attributes: - compliance_row = Check_Output_CSV_CIS( - Provider=finding.check_metadata.Provider, - AccountId=audit_info.audited_account, - Region=finding.region, - AssessmentDate=timestamp.isoformat(), - Requirements_Id=requirement_id, - Requirements_Description=requirement_description, - Requirements_Attributes_Section=attribute.get("Section"), - Requirements_Attributes_Profile=attribute.get("Profile"), - Requirements_Attributes_AssessmentStatus=attribute.get( - "AssessmentStatus" - ), - Requirements_Attributes_Description=attribute.get( - "Description" - ), - Requirements_Attributes_RationaleStatement=attribute.get( - "RationaleStatement" - ), - Requirements_Attributes_ImpactStatement=attribute.get( - "ImpactStatement" - ), - Requirements_Attributes_RemediationProcedure=attribute.get( - "RemediationProcedure" - ), - Requirements_Attributes_AuditProcedure=attribute.get( - "AuditProcedure" - ), - Requirements_Attributes_AdditionalInformation=attribute.get( - "AdditionalInformation" - ), - Requirements_Attributes_References=attribute.get("References"), - Status=finding.status, - StatusExtended=finding.status_extended, - ResourceId=finding.resource_id, - CheckId=finding.check_metadata.CheckID, - ) + # Only with the version of CIS that was selected + if "cis_" + compliance.Version + "_aws" in str(output_options.output_modes): + compliance_output = "cis_" + compliance.Version + "_aws" + for requirement in compliance.Requirements: + requirement_description = requirement.Description + requirement_id = requirement.Id + for attribute in requirement.Attributes: + compliance_row = Check_Output_CSV_CIS( + 
Provider=finding.check_metadata.Provider, + AccountId=audit_info.audited_account, + Region=finding.region, + AssessmentDate=timestamp.isoformat(), + Requirements_Id=requirement_id, + Requirements_Description=requirement_description, + Requirements_Attributes_Section=attribute.get("Section"), + Requirements_Attributes_Profile=attribute.get("Profile"), + Requirements_Attributes_AssessmentStatus=attribute.get( + "AssessmentStatus" + ), + Requirements_Attributes_Description=attribute.get( + "Description" + ), + Requirements_Attributes_RationaleStatement=attribute.get( + "RationaleStatement" + ), + Requirements_Attributes_ImpactStatement=attribute.get( + "ImpactStatement" + ), + Requirements_Attributes_RemediationProcedure=attribute.get( + "RemediationProcedure" + ), + Requirements_Attributes_AuditProcedure=attribute.get( + "AuditProcedure" + ), + Requirements_Attributes_AdditionalInformation=attribute.get( + "AdditionalInformation" + ), + Requirements_Attributes_References=attribute.get( + "References" + ), + Status=finding.status, + StatusExtended=finding.status_extended, + ResourceId=finding.resource_id, + CheckId=finding.check_metadata.CheckID, + ) - csv_header = generate_csv_fields(Check_Output_CSV_CIS) + csv_header = generate_csv_fields(Check_Output_CSV_CIS) if compliance_row: csv_writer = DictWriter( - file_descriptors[output_options.output_modes[-1]], + file_descriptors[compliance_output], fieldnames=csv_header, delimiter=";", )
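Review bot: The new guard `"cis_" + compliance.Version + "_aws" in str(output_options.output_modes)` is a substring test against the printed form of the modes, while the ENS branch in the first hunk uses exact membership (`"ens_rd2022_aws" in output_options.output_modes`). The same string is then used as the key in `file_descriptors[compliance_output]`, so a partial match that is not a real output mode would raise `KeyError` rather than being skipped. Build the name once and test membership, assuming `output_modes` is a list as the indexing in the removed line suggests: `cis_output = f"cis_{compliance.Version}_aws"`, `if cis_output in output_options.output_modes:`, `compliance_output = cis_output`. The enclosing function begins before this hunk and continues after it.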