From 583f33e7f6732e0bdb1da326bcaae1217bec76f2 Mon Sep 17 00:00:00 2001 From: Tejas Date: Sun, 30 May 2021 14:28:35 +0530 Subject: [PATCH 1/4] serverless application repository template --- .../serverless-app-template.yml | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml diff --git a/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml b/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml new file mode 100644 index 00000000..e89766ea --- /dev/null +++ b/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml @@ -0,0 +1,34 @@ +AWSTemplateFormatVersion: 2010-09-09 +Transform: AWS::Serverless-2016-10-31 + +Parameters: + ScanResultTopicARN: + Type: String + Description: The ARN of the scan result SNS topic in storage stack. + AWSACCOUNTNO: + Type: Number + Description: Provide AWS Account ID. + AWSSecurityHubARN: + Type: String + Description: Provide AWS Security hub ARN from selected region + +Resources: + C1FSecurityHub: + Type: AWS::Serverless::Function + Properties: + CodeUri: s3://bucket-4716/lambda.zip + Handler: index.handler + Runtime: nodejs12.x + MemorySize: 128 + Timeout: 30 + Tracing: Active + Environment: + Variables: + AWSACCOUNTNO: !Ref AWSACCOUNTNO + SECURITY_HUB_ARN: !Ref AWSSecurityHubARN + + Events: + ScanResult: + Type: SNS + Properties: + Topic: !Ref ScanResultTopicARN From 461ab17ce317b5fa4189d735a5358c2c80603fd9 Mon Sep 17 00:00:00 2001 From: Tejas Date: Sun, 30 May 2021 14:30:18 +0530 Subject: [PATCH 2/4] Update README.md --- .../README.md | 25 +++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/post-scan-actions/aws-nodejs-securityhub-integration/README.md b/post-scan-actions/aws-nodejs-securityhub-integration/README.md index 39673219..fa9f14be 100644 --- a/post-scan-actions/aws-nodejs-securityhub-integration/README.md 
+++ b/post-scan-actions/aws-nodejs-securityhub-integration/README.md @@ -5,8 +5,29 @@ Pushes FSS malware detections to AWS Security Hub integration. Change directory to `/lambda`. Run `npm run package` to install dependencies and zip it all together as `bundle.zip` and upload it to a bucket and take note of the key. Start a new stack based on this template. -## Template Inputs +## What is AWS Security Hub? +AWS Security Hub provides a comprehensive view of your security posture in Amazon Web Services (AWS) and helps you check your environment against security standards and Malicious file detection using serverless plugin. + In order to push malware finding to AWS Security hub, open source serverless plugin need to be deployed and configured with AWS SNS topic created by Scanner Stack created in previous step. + +## Deployment steps +1. Visit plugin from serverless application repository + +2. Enter AWS Account details and AWS Security hub ARN +AWSACCOUNTNO: Provide your aws account ID +AWSSecurityHubARN: arn:aws:securityhub:::product//default + + +3. Copy ScanResultTopicArn from scanner cloudformation stack output. This is the same ARN that we have used in previous step for Quarantine and promote object. + + +4. Enter ScanResultTopicARN to serverless application parameter and proceed to Deploy + + +5. Verify serverless plugin deployment is completed. + + +## Cloudformation Template Inputs * `snsScanResultTopicArn:` FSS Results SNS Topic ARN * `LambdaZipBucket` S3 bucket for lambda zip. If your have it under s3://bucket/path/to/zip.zip, enter 'bucket' here. - * `LambdaZipKey` S3 key for lambda zip. If your have it under s3://bucket/path/to/zip.zip, enter 'path/to/zip.zip' here. \ No newline at end of file + * `LambdaZipKey` S3 key for lambda zip. If your have it under s3://bucket/path/to/zip.zip, enter 'path/to/zip.zip' here. From ed5899ca31e1ecc9ad353849666266ba12aaf114 Mon Sep 17 00:00:00 2001 
From: Tejas Date: Sun, 30 May 2021 14:48:31 +0530 Subject: [PATCH 3/4] Update serverless-app-template.yml --- .../serverless-app-template.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml b/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml index e89766ea..81b10f87 100644 --- a/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml +++ b/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml @@ -24,7 +24,7 @@ Resources: Tracing: Active Environment: Variables: - AWSACCOUNTNO: !Ref AWSACCOUNTNO + ACCOUNT_ID: !Ref AWSACCOUNTNO SECURITY_HUB_ARN: !Ref AWSSecurityHubARN Events: From 7880a9931e12d46c879b110ee247c8f324ea7806 Mon Sep 17 00:00:00 2001 From: Tejas Date: Sun, 30 May 2021 14:54:02 +0530 Subject: [PATCH 4/4] Update serverless-app-template.yml --- .../serverless-app-template.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml b/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml index 81b10f87..3f6d9d13 100644 --- a/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml +++ b/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml @@ -26,6 +26,13 @@ Resources: Variables: ACCOUNT_ID: !Ref AWSACCOUNTNO SECURITY_HUB_ARN: !Ref AWSSecurityHubARN + Policies: + - Statement: + Effect: Allow + Action: + - securityhub:* + Resource: + - !Ref AWSSecurityHubARN Events: ScanResult:
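Review bot: In PATCH 1/4, `CodeUri: s3://bucket-4716/lambda.zip` hard-codes a specific bucket and object name that nobody deploying from the Serverless Application Repository can change, and it does not match the `bundle.zip` artifact the README's `npm run package` step produces. Make the code location a parameter (the README already documents `LambdaZipBucket` / `LambdaZipKey` for the other template) or at least use a consistent artifact name. Also, `AWSACCOUNTNO` is declared as `Type: Number`, which silently drops leading zeros from a 12-digit account ID; declare it as `Type: String` with `AllowedPattern: '^\d{12}$'` so a malformed ID is rejected at stack creation instead of producing findings that Security Hub discards.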
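Review bot: In PATCH 2/4, the example value `AWSSecurityHubARN: arn:aws:securityhub:::product//default` has empty region and account fields, so a reader who copies it gets an invalid ARN; show the placeholders explicitly, for example `arn:aws:securityhub:<region>:<account-id>:product/<account-id>/default`. Step 1 ("Visit plugin from serverless application repository") names no application, so link or name the SAR application to visit. The retitled "Cloudformation Template Inputs" section still lists `snsScanResultTopicArn`, `LambdaZipBucket` and `LambdaZipKey`, while the new serverless template takes `ScanResultTopicARN`, `AWSACCOUNTNO` and `AWSSecurityHubARN`; say which template each set of inputs belongs to so the two deployment paths are not confused. Minor wording: "push malware finding" should be "push malware findings", "plugin need to be deployed" should be "plugin needs to be deployed", and "aws account ID" should be "AWS account ID".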
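Review bot: In PATCH 3/4, renaming the environment variable from `AWSACCOUNTNO` to `ACCOUNT_ID` is a fix to the file introduced two commits earlier, and the commit message "Update serverless-app-template.yml" does not say why; state that the Lambda handler reads `ACCOUNT_ID` (if that is the reason) and consider squashing this into PATCH 1/4 so the template never exists in a state where the function cannot find its account ID. Since the variable is now named differently from the parameter, the README's parameter description should make clear that the user-facing name remains `AWSACCOUNTNO`.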
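Review bot: In PATCH 4/4, `Action: - securityhub:*` grants the function every Security Hub API, but a function whose only job is to push detections needs `securityhub:BatchImportFindings`; scoping the action to that one call, with `Resource` kept as the product ARN it already uses, is the least-privilege form and limits what a compromised or buggy handler could do to the hub (disable standards, delete insights, change member accounts). The inline policy also lacks a `Version: '2012-10-17'` line; add it so the statement is evaluated under the current policy language rather than the legacy default. Since the indentation of the `Statement` block was flattened in this rendering, double-check that `Effect`, `Action` and `Resource` are nested under `Statement` in the committed file, otherwise SAM will reject the template.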