automated-security-response-on-aws

SHARR Integration with Prowler

Open SecOp187 opened this issue 3 years ago • 1 comments

Is your feature request related to a problem? Please describe.

I integrated Security Hub with Prowler, which is an open-source cloud security assessment tool. I created a separate custom action to initiate automated remediation (based on SHARR) to address security findings reported by Prowler. You can find attached a finding sample JSON (from a step input): PROWLER Finding_Step Input.txt

After the custom action initiates an event to execute the state machine, the "Get Remediation Approval Requirement" step fails with an error as shown below. [image]

Describe the feature you'd like

Can you please help me resolve this "list index out of range" issue in the get_approval_requirement.py script?

SecOp187, Jul 26 '22 21:07

@groverlalit @leavertj I need to import the uuid module to generate a random uuid and modify the uuid variable in sechub_findings.py. Prowler doesn't create a finding ID with "/finding/" included in it, which caused the error above. Can you assist me with this change? This sechub_findings.py dependency will have to be updated with the orchestrator lambda functions. [image]

SecOp187, Jul 28 '22 00:07
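
An added example, not code from this issue or from the solution itself: one way to handle a finding Id that lacks the "/finding/" segment is to take the UUID from the Id when the segment is present and otherwise derive a deterministic uuid5 from the whole Id, instead of the random UUID proposed above. The function names and both sample Ids are assumptions constructed for illustration.

```python
import uuid

MARKER = "/finding/"

# Constructed sample Ids (not taken from the attached finding).
NATIVE_ID = (
    "arn:aws:securityhub:us-east-1:111122223333:subscription/"
    "example-standard/v/1.0.0/1.1/finding/3f0b1c2d-4e5f-4a6b-8c7d-9e0f1a2b3c4d"
)
THIRD_PARTY_ID = "example-tool-check-111122223333-us-east-1-abc123"  # no marker


def naive_uuid(finding_id: str) -> str:
    """Illustrates the failure mode: indexing the split result raises
    IndexError ("list index out of range") when the marker is absent."""
    return finding_id.split(MARKER)[1]


def finding_uuid(finding_id: str) -> str:
    """Return a UUID string for a finding Id, with or without the marker.

    A uuid5 fallback is used so the same finding always maps to the same
    identifier across executions, which a random uuid4 would not give.
    """
    if not isinstance(finding_id, str) or not finding_id.strip():
        raise ValueError("finding Id is missing or empty")
    _, sep, tail = finding_id.rpartition(MARKER)
    if sep:
        try:
            return str(uuid.UUID(tail))
        except ValueError:
            pass  # marker present, but what follows it is not a UUID
    return str(uuid.uuid5(uuid.NAMESPACE_URL, finding_id))


if __name__ == "__main__":
    for sample in (NATIVE_ID, THIRD_PARTY_ID):
        print(sample, "->", finding_uuid(sample))
    try:
        naive_uuid(THIRD_PARTY_ID)
    except IndexError as exc:
        print("naive parse failed:", exc)
```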

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

github-actions[bot], Jan 25 '23 00:01

This issue was closed because it has been inactive for 7 days since being marked as stale.

github-actions[bot], Feb 01 '23 00:02