Documentation ¶
Index ¶
- type FindingFilter
- func WithComplianceStatus(status string) FindingFilter
- func WithRecordState(state string) FindingFilter
- func WithResourceType(resourceType string) FindingFilter
- func WithResourceTypes(resourceType ...string) FindingFilter
- func WithSeverityLabel(label string) FindingFilter
- func WithWorkflowStatus(status string) FindingFilter
- type FindingManager
- type FindingManagerOption
- type ResourceType
Types ¶
type FindingFilter ¶
type FindingFilter func(*FindingManager)
FindingFilter is a function that can be used to filter findings when calling GetFindings. For example:
    fm := NewFindingManager(ctx, cfg)
    fm.GetFindings(
        WithWorkflowStatus("NEW"),
        WithRecordState("ACTIVE"),
        WithResourceType("AwsS3Bucket"),
    )
See filters.go for a list of available filters.
func WithComplianceStatus ¶
func WithComplianceStatus(status string) FindingFilter
WithComplianceStatus filters the findings by Compliance Status. Valid values are
PASSED, WARNING, FAILED, NOT_AVAILABLE, NOT_APPLICABLE, and ERROR.
You can use this option multiple times to add multiple compliance statuses (logical OR). For example:
    f := NewFindingManager(ctx, cfg, WithComplianceStatus("FAILED"), WithComplianceStatus("WARNING"))
will return findings with compliance status FAILED or WARNING.
func WithRecordState ¶
func WithRecordState(state string) FindingFilter
WithRecordState filters the findings by Record State. Valid values are ACTIVE and ARCHIVED.
You can use this option multiple times to add multiple record states (logical OR). For example:
    f := NewFindingManager(ctx, cfg, WithRecordState("ACTIVE"), WithRecordState("ARCHIVED"))
will return findings with record state ACTIVE or ARCHIVED.
func WithResourceType ¶
func WithResourceType(resourceType string) FindingFilter
WithResourceType filters the findings by Resource Type (AwsEc2Instance, AwsIamAccessKey, AwsIamUser, AwsS3Bucket, etc.). The list of resources is long and may change over time. The full list can be found here:
https://docs.aws.amazon.com/securityhub/latest/userguide/asff-resources.html
You can use this option multiple times to add multiple resource types (logical OR). For example:
    f := NewFindingManager(ctx, cfg, WithResourceType("AwsEc2Instance"), WithResourceType("AwsS3Bucket"))
will return findings with resource type AwsEc2Instance or AwsS3Bucket.
func WithResourceTypes ¶
func WithResourceTypes(resourceType ...string) FindingFilter
WithResourceTypes filters the findings by Resource Type (AwsEc2Instance, AwsIamAccessKey, AwsIamUser, AwsS3Bucket, etc.). The list of resources is long and may change over time. The full list can be found here:
https://docs.aws.amazon.com/securityhub/latest/userguide/asff-resources.html
You can pass multiple resource types (logical OR). For example:
    f := NewFindingManager(ctx, cfg, WithResourceTypes("AwsEc2Instance", "AwsS3Bucket"))
will return findings with resource type AwsEc2Instance or AwsS3Bucket.
func WithSeverityLabel ¶
func WithSeverityLabel(label string) FindingFilter
WithSeverityLabel filters the findings by Severity Label. Valid values are LOW, MEDIUM, HIGH, and CRITICAL.
You can use this option multiple times to add multiple severity labels (logical OR). For example:
    f := NewFindingManager(ctx, cfg, WithSeverityLabel("LOW"), WithSeverityLabel("MEDIUM"))
will return findings with severity label LOW or MEDIUM.
func WithWorkflowStatus ¶
func WithWorkflowStatus(status string) FindingFilter
WithWorkflowStatus filters the findings by workflow status. Valid values are
NEW, NOTIFIED, TODO: add the rest
You can use this option multiple times (10 max) to return multiple statuses (logical OR). For example:
    f := NewFindingManager(ctx, cfg, WithWorkflowStatus("NEW"), WithWorkflowStatus("NOTIFIED"))
will return findings with NEW or NOTIFIED workflow status.
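The filter functions above widen a single attribute when repeated (logical OR); Security Hub combines different attributes with AND. The following is an added example, not code from this package, that models both rules offline. The types `findingFilters`, `manager`, `filter`, the lowercase `with…` helpers and the sample findings are assumptions constructed for illustration.

```go
package main

import "fmt"

// findingFilters is a local stand-in (assumption) for the SDK filter struct.
type findingFilters struct{ WorkflowStatus, RecordState, ResourceType []string }

// manager and filter mirror the shape of the page's FindingManager and FindingFilter.
type manager struct{ Filters findingFilters }
type filter func(*manager)

// add appends one value; repeating a filter widens that attribute (logical OR).
func add(dst *[]string, v string)        { *dst = append(*dst, v) }
func withWorkflowStatus(s string) filter { return func(m *manager) { add(&m.Filters.WorkflowStatus, s) } }
func withRecordState(s string) filter    { return func(m *manager) { add(&m.Filters.RecordState, s) } }
func withResourceType(s string) filter   { return func(m *manager) { add(&m.Filters.ResourceType, s) } }

// finding and sample are constructed data, not real Security Hub output.
type finding struct{ ID, Workflow, State, Resource string }
var sample = []finding{
	{"f1", "NEW", "ACTIVE", "AwsS3Bucket"}, {"f2", "NOTIFIED", "ACTIVE", "AwsEc2Instance"},
	{"f3", "NEW", "ARCHIVED", "AwsS3Bucket"}, {"f4", "NEW", "ACTIVE", "AwsIamUser"},
}

// anyOf is true when the attribute is unfiltered or equals one of the listed values.
func anyOf(vals []string, v string) bool {
	for _, x := range vals {
		if x == v {
			return true
		}
	}
	return len(vals) == 0
}

// selectIDs applies the filters: OR within one attribute, AND across attributes.
func selectIDs(in []finding, opts ...filter) (ids []string) {
	m := &manager{}
	for _, o := range opts {
		o(m)
	}
	for _, f := range in {
		if fl := m.Filters; anyOf(fl.WorkflowStatus, f.Workflow) && anyOf(fl.RecordState, f.State) && anyOf(fl.ResourceType, f.Resource) {
			ids = append(ids, f.ID)
		}
	}
	return ids
}

func main() { fmt.Println(selectIDs(sample, withWorkflowStatus("NEW"), withWorkflowStatus("NOTIFIED"), withRecordState("ACTIVE"))) }
```

Adding a second value for one attribute can only grow the result set, while adding a filter on a new attribute can only shrink it, which is worth keeping in mind when a saved filter set is meant to scope triage to a narrow class of findings.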
type FindingManager ¶
type FindingManager struct {
    Filters *types.AwsSecurityFindingFilters
    // contains filtered or unexported fields
}
FindingManager manages Security Hub findings.
func NewFindingManager ¶
func NewFindingManager(ctx context.Context, cfg aws.Config, opts ...FindingManagerOption) *FindingManager
NewFindingManager returns a new FindingManager object you can use to work with Security Hub findings.
func (*FindingManager) CheckFindings ¶
func (fm *FindingManager) CheckFindings(filters ...FindingFilter) error
CheckFindings checks the current findings and returns a list of findings that are valid, invalid, or unknown.
    fm := NewFindingManager(ctx, cfg)
    fm.LoadFindings(
        WithWorkflowStatus("NEW"),
        WithRecordState("ACTIVE"),
        WithResourceType("AwsEc2Instance"),
        WithResourceType("AwsS3Bucket"),
    )
    err := fm.CheckFindings()
See options.go for a complete list of GetFindings filters.
func (*FindingManager) GetInsight ¶
func (fm *FindingManager) GetInsight(name string) (types.Insight, error)
GetInsight returns the named Insight. Returns an error if the insight is not found.
func (*FindingManager) SaveFiltersAsInsight ¶
func (fm *FindingManager) SaveFiltersAsInsight(name string, groupBy string) error
SaveFiltersAsInsight saves the current set of filters as a new SecurityHub Insight with the given name, grouped by the given groupBy attribute. See https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-insights.html for more information on Insights and Group By attributes.
If an insight with the same name already exists, it will be overwritten with the new filters. If no filters are applied to the FindingManager, an error will be returned.
If groupBy is empty, the insight will be grouped by the default attribute, AwsAccountId.
type FindingManagerOption ¶
type FindingManagerOption func(*FindingManager)
FindingManagerOption is a function that can be used to filter findings and configure a FindingManager. For example:
    ctx := context.Background()
    cfg, err := config.LoadDefaultConfig(ctx)
    if err != nil {
        panic(err)
    }
    f := NewFindingManager(ctx, cfg,
        WithWorkflowStatus("NEW"),
        WithRecordState("ACTIVE"),
        WithResourceType("AwsS3Bucket"),
    )
    f.GetFindings()
    f.ResolveInvalid()
See options.go for a complete list of FindingManager options.
type ResourceType ¶
type ResourceType string
const (
    AwsApiGatewayRestApi ResourceType = "AwsApiGatewayRestApi"
    AwsApiGatewayStage ResourceType = "AwsApiGatewayStage"
    AwsApiGatewayV2Api ResourceType = "AwsApiGatewayV2Api"
    AwsApiGatewayV2Stage ResourceType = "AwsApiGatewayV2Stage"
    AwsAutoScalingAutoScalingGroup ResourceType = "AwsAutoScalingAutoScalingGroup"
    AwsAutoScalingLaunchConfiguration ResourceType = "AwsAutoScalingLaunchConfiguration"
    AwsBackupBackupPlan ResourceType = "AwsBackupBackupPlan"
    AwsBackupBackupVault ResourceType = "AwsBackupBackupVault"
    AwsBackupRecoveryPoint ResourceType = "AwsBackupRecoveryPoint"
    AwsCertificateManagerCertificate ResourceType = "AwsCertificateManagerCertificate"
    AwsCloudFormationStack ResourceType = "AwsCloudFormationStack"
    AwsCloudFrontDistribution ResourceType = "AwsCloudFrontDistribution"
    AwsCloudTrailTrail ResourceType = "AwsCloudTrailTrail"
    AwsCloudWatchAlarm ResourceType = "AwsCloudWatchAlarm"
    AwsCodeBuildProject ResourceType = "AwsCodeBuildProject"
    AwsDynamoDbTable ResourceType = "AwsDynamoDbTable"
    AwsEc2Eip ResourceType = "AwsEc2Eip"
    AwsEc2Instance ResourceType = "AwsEc2Instance"
    AwsEc2NetworkAcl ResourceType = "AwsEc2NetworkAcl"
    AwsEc2NetworkInterface ResourceType = "AwsEc2NetworkInterface"
    AwsEc2SecurityGroup ResourceType = "AwsEc2SecurityGroup"
    AwsEc2Subnet ResourceType = "AwsEc2Subnet"
    AwsEc2TransitGateway ResourceType = "AwsEc2TransitGateway"
    AwsEc2Volume ResourceType = "AwsEc2Volume"
    AwsEc2Vpc ResourceType = "AwsEc2Vpc"
    AwsEc2VpcEndpointService ResourceType = "AwsEc2VpcEndpointService"
    AwsEc2VpcPeeringConnection ResourceType = "AwsEc2VpcPeeringConnection"
    AwsEc2VpnConnection ResourceType = "AwsEc2VpnConnection"
    AwsEcrContainerImage ResourceType = "AwsEcrContainerImage"
    AwsEcrRepository ResourceType = "AwsEcrRepository"
    AwsEcsCluster ResourceType = "AwsEcsCluster"
    AwsEcsContainer ResourceType = "AwsEcsContainer"
    AwsEcsService ResourceType = "AwsEcsService"
    AwsEcsTask ResourceType = "AwsEcsTask"
    AwsEcsTaskDefinition ResourceType = "AwsEcsTaskDefinition"
    AwsEfsAccessPoint ResourceType = "AwsEfsAccessPoint"
    AwsEksCluster ResourceType = "AwsEksCluster"
    AwsElasticBeanstalkEnvironment ResourceType = "AwsElasticBeanstalkEnvironment"
    AwsElasticsearchDomain ResourceType = "AwsElasticsearchDomain"
    AwsElbLoadBalancer ResourceType = "AwsElbLoadBalancer"
    AwsElbv2LoadBalancer ResourceType = "AwsElbv2LoadBalancer"
    AwsIamAccessKey ResourceType = "AwsIamAccessKey"
    AwsIamGroup ResourceType = "AwsIamGroup"
    AwsIamPolicy ResourceType = "AwsIamPolicy"
    AwsIamRole ResourceType = "AwsIamRole"
    AwsIamUser ResourceType = "AwsIamUser"
    AwsKinesisStream ResourceType = "AwsKinesisStream"
    AwsKmsKey ResourceType = "AwsKmsKey"
    AwsLambdaFunction ResourceType = "AwsLambdaFunction"
    AwsLambdaLayerVersion ResourceType = "AwsLambdaLayerVersion"
    AwsNetworkFirewallFirewall ResourceType = "AwsNetworkFirewallFirewall"
    AwsNetworkFirewallFirewallPolicy ResourceType = "AwsNetworkFirewallFirewallPolicy"
    AwsNetworkFirewallRuleGroup ResourceType = "AwsNetworkFirewallRuleGroup"
    AwsOpenSearchServiceDomain ResourceType = "AwsOpenSearchServiceDomain"
    AwsRdsDbCluster ResourceType = "AwsRdsDbCluster"
    AwsRdsDbClusterSnapshot ResourceType = "AwsRdsDbClusterSnapshot"
    AwsRdsDbInstance ResourceType = "AwsRdsDbInstance"
    AwsRdsDbSecurityGroup ResourceType = "AwsRdsDbSecurityGroup"
    AwsRdsDbSnapshot ResourceType = "AwsRdsDbSnapshot"
    AwsRdsEventSubscription ResourceType = "AwsRdsEventSubscription"
    AwsRedshiftCluster ResourceType = "AwsRedshiftCluster"
    AwsS3AccountPublicAccessBlock ResourceType = "AwsS3AccountPublicAccessBlock"
    AwsS3Bucket ResourceType = "AwsS3Bucket"
    AwsS3Object ResourceType = "AwsS3Object"
    AwsSecretsManagerSecret ResourceType = "AwsSecretsManagerSecret"
    AwsSnsTopic ResourceType = "AwsSnsTopic"
    AwsSqsQueue ResourceType = "AwsSqsQueue"
    AwsSsmPatchCompliance ResourceType = "AwsSsmPatchCompliance"
    AwsWafRateBasedRule ResourceType = "AwsWafRateBasedRule"
    AwsWafRegionalRateBasedRule ResourceType = "AwsWafRegionalRateBasedRule"
    AwsWafRegionalRule ResourceType = "AwsWafRegionalRule"
    AwsWafRegionalRuleGroup ResourceType = "AwsWafRegionalRuleGroup"
    AwsWafRegionalWebAcl ResourceType = "AwsWafRegionalWebAcl"
    AwsWafRule ResourceType = "AwsWafRule"
    AwsWafRuleGroup ResourceType = "AwsWafRuleGroup"
    AwsWafWebAcl ResourceType = "AwsWafWebAcl"
    AwsXrayEncryptionConfig ResourceType = "AwsXrayEncryptionConfig"
    Container ResourceType = "Container"
    Other ResourceType = "Other"
)
func SupportedResources ¶
func SupportedResources() []ResourceType