-
Notifications
You must be signed in to change notification settings - Fork 23
/
index.py
144 lines (115 loc) · 4.94 KB
/
index.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
import boto3
import os
import logging
logger = logging.getLogger()
logger.setLevel(logging.INFO)
SINGLE_LINE_LENGTH = 80
DOUBLE_LINE_LENGTH = 47
FOOTER_TEXT = os.environ['AdditionalEmailFooterText']
HEADER_TEXT = 'Weekly Security Hub Report \n'
FOOTER_URL = 'https://console.aws.amazon.com/securityhub/home/standards#/standards'
# this function will add a horizontal line to the email
def add_horizontal_line(text_body, line_char, line_length):
y = 0
while y <= line_length:
text_body += line_char
y += 1
text_body += '\n'
return text_body
def lambda_handler(event, context):
insightArns = []
insightLabels = []
#this is the placement number of insights that are grouped by severity, this is used for reversing the sort
severityTypeInsights = [1,2,3,4]
#fetch arns for custom insights from lambda environment variables
insightArns.append(os.environ['ARNInsight01'])
insightArns.append(os.environ['ARNInsight02'])
insightArns.append(os.environ['ARNInsight03'])
insightArns.append(os.environ['ARNInsight04'])
insightArns.append(os.environ['ARNInsight05'])
insightArns.append(os.environ['ARNInsight06'])
insightArns.append(os.environ['ARNInsight07'])
#fetch the SNS arn to send the email body to, from lambda environment variables
snsTopicArn = os.environ['SNSTopic']
#determine region from the arns
arnParsed = insightArns[0].split(':')
region = arnParsed[3]
#create list of section labels
insightLabels.append('AWS Foundational Security Best Practices security checks:')
insightLabels.append('AWS Foundational Security Best Practices failed security checks by severity:')
insightLabels.append('GuardDuty threat detection findings by severity:')
insightLabels.append('IAM Access Analyzer findings by severity:')
insightLabels.append('Unresolved findings by severity:')
insightLabels.append('New findings in the last 7 days:')
insightLabels.append('Top 10 Resource Types with findings:')
#format Email header
snsBody = ''
snsBody = add_horizontal_line(snsBody, '=', DOUBLE_LINE_LENGTH)
snsBody += HEADER_TEXT
snsBody = add_horizontal_line(snsBody, '=', DOUBLE_LINE_LENGTH)
snsBody += '\n\n'
#create boto3 client for Security Hub API calls
sec_hub_client = boto3.client('securityhub')
#for each custom insight get results and format for email
i = 0
while i < len(insightArns):
#call security hub api to get results for each custom insight
response = sec_hub_client.get_insight_results(
InsightArn=insightArns[i]
)
insightResults = response['InsightResults']['ResultValues']
#format into an email - section header
snsBody += str(insightLabels[i]) + '\n'
snsBody = add_horizontal_line(snsBody,'-', SINGLE_LINE_LENGTH)
#check for blank custom insights
if len(insightResults) == 0:
snsBody += 'NO RESULTS \n'
#determine how many rows are in this section, cap at 10
totalRows = len(insightResults)
if totalRows > 10:
totalRows = 10
#determine if this is the first section to customize the label
if i == 0:
firstSection = True
else:
firstSection = False
#determine if this is an insight that needs an updated sort
if (i in severityTypeInsights):
#reverse the sort
insightResults.reverse()
#convert the API results into rows for email formatting
x = 0
while x < totalRows:
snsBody += str(insightResults[x]['Count']) #add the value
snsBody += '\t - \t' #add a divider
if firstSection: #add two extra labels (TOTAL and CHECKS) to the values for the foundational summary
snsBody += 'TOTAL '
snsBody += str(insightResults[x]['GroupByAttributeValue']) #add the label
snsBody += ' CHECKS'
else:
snsBody += str(insightResults[x]['GroupByAttributeValue']) #add the label
snsBody += '\n' #next line
x += 1
#add table footer
snsBody = add_horizontal_line(snsBody,'-', SINGLE_LINE_LENGTH)
snsBody +=' \n'
#create and add deep link for this section
insightLink = 'https://' + region + '.console.aws.amazon.com/securityhub/home?region='
insightLink += region + '#/insights/' + insightArns[i]
snsBody += insightLink
snsBody += ' \n\n'
i += 1
#add footer text
snsBody += FOOTER_TEXT
snsBody += '\n'
snsBody = add_horizontal_line(snsBody,'-', SINGLE_LINE_LENGTH)
snsBody += FOOTER_URL
#send to SNS
sns_client = boto3.client('sns')
response = sns_client.publish(
TopicArn=snsTopicArn,
Message=snsBody
)
return {
'statusCode': 200,
}