diff --git a/post-scan-actions/aws-nodejs-securityhub-integration/README.md b/post-scan-actions/aws-nodejs-securityhub-integration/README.md index 39673219..fa9f14be 100644 --- a/post-scan-actions/aws-nodejs-securityhub-integration/README.md +++ b/post-scan-actions/aws-nodejs-securityhub-integration/README.md 
@@ -5,8 +5,29 @@ Pushes FSS malware detections to AWS Security Hub integration. Change directory to `/lambda`. Run `npm run package` to install dependencies and zip it all together as `bundle.zip` and upload it to a bucket and take note of the key. Start a new stack based on this template. -## Template Inputs +## What is AWS Security Hub? +AWS Security Hub provides a comprehensive view of your security posture in Amazon Web Services (AWS) and helps you check your environment against security standards and Malicious file detection using serverless plugin. + In order to push malware finding to AWS Security hub, open source serverless plugin need to be deployed and configured with AWS SNS topic created by Scanner Stack created in previous step. + +## Deployment steps +1. Visit plugin from serverless application repository + +2. Enter AWS Account details and AWS Security hub ARN +AWSACCOUNTNO: Provide your aws account ID +AWSSecurityHubARN: arn:aws:securityhub:::product//default + + +3. Copy ScanResultTopicArn from scanner cloudformation stack output. This is the same ARN that we have used in previous step for Quarantine and promote object. + + +4. Enter ScanResultTopicARN to serverless application parameter and proceed to Deploy + + +5. Verify serverless plugin deployment is completed. + + +## Cloudformation Template Inputs * `snsScanResultTopicArn:` FSS Results SNS Topic ARN * `LambdaZipBucket` S3 bucket for lambda zip. If your have it under s3://bucket/path/to/zip.zip, enter 'bucket' here. - * `LambdaZipKey` S3 key for lambda zip. If your have it under s3://bucket/path/to/zip.zip, enter 'path/to/zip.zip' here. \ No newline at end of file + * `LambdaZipKey` S3 key for lambda zip. If your have it under s3://bucket/path/to/zip.zip, enter 'path/to/zip.zip' here. 
diff --git a/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml b/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml new file mode 100644 index 00000000..3f6d9d13 --- /dev/null +++ b/post-scan-actions/aws-nodejs-securityhub-integration/serverless-app-template.yml @@ -0,0 +1,41 @@ +AWSTemplateFormatVersion: 2010-09-09 +Transform: AWS::Serverless-2016-10-31 + +Parameters: + ScanResultTopicARN: + Type: String + Description: The ARN of the scan result SNS topic in storage stack. + AWSACCOUNTNO: + Type: Number + Description: Provide AWS Account ID. + AWSSecurityHubARN: + Type: String + Description: Provide AWS Security hub ARN from selected region + +Resources: + C1FSecurityHub: + Type: AWS::Serverless::Function + Properties: + CodeUri: s3://bucket-4716/lambda.zip + Handler: index.handler + Runtime: nodejs12.x + MemorySize: 128 + Timeout: 30 + Tracing: Active + Environment: + Variables: + ACCOUNT_ID: !Ref AWSACCOUNTNO + SECURITY_HUB_ARN: !Ref AWSSecurityHubARN + Policies: + - Statement: + Effect: Allow + Action: + - securityhub:* + Resource: + - !Ref AWSSecurityHubARN + + Events: + ScanResult: + Type: SNS + Properties: + Topic: !Ref ScanResultTopicARN
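Review bot: the README hunk leaves the "Cloudformation Template Inputs" section out of sync with the new serverless-app-template.yml: it still documents `snsScanResultTopicArn`, `LambdaZipBucket` and `LambdaZipKey`, while the template added in this PR takes `ScanResultTopicARN`, `AWSACCOUNTNO` and `AWSSecurityHubARN` and hard-codes its CodeUri, so a reader following the README will look for parameters that do not exist. Either document the three new parameters under "Deployment steps" and drop the stale ones, or state that the `/lambda` + `npm run package` path is for the plain CloudFormation stack only. The example `AWSSecurityHubARN: arn:aws:securityhub:::product//default` has empty region and account fields and reads like a typo; show the fields with placeholders (region, account ID, account ID again before `/default`) so users know what to fill in. Step 1 "Visit plugin from serverless application repository" gives neither the application name nor a link, and "This is the same ARN that we have used in previous step for Quarantine and promote object" points at a step that is not in this README. Minor grammar on the added lines: "push malware finding" → "push malware findings", "plugin need to be deployed" → "plugin needs to be deployed", and the re-added `LambdaZipKey` line still carries the original "If your have it" typo.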
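Review bot: the function policy in the new template grants `securityhub:*`, which is far wider than a finding-import Lambda needs; pushing findings only requires `securityhub:BatchImportFindings`, so scope `Action` to that and keep `Resource: !Ref AWSSecurityHubARN`. `AWSACCOUNTNO` is declared `Type: Number`, which will mangle account IDs with leading zeros; since the function runs in the deploying account anyway, `!Ref AWS::AccountId` can replace the parameter entirely (and `AWSSecurityHubARN` could likewise be built with `!Sub` from `AWS::Region` and `AWS::AccountId`, matching the format the README hints at). `CodeUri: s3://bucket-4716/lambda.zip` hard-codes a private bucket, so the stack will fail for anyone else and disagrees with the README's `npm run package` / `bundle.zip` flow; use a relative path that `sam package` resolves, or a parameter. `Runtime: nodejs12.x` has reached end of support in Lambda and will block new deployments; pick a currently supported Node.js runtime. Also consider `Version: "2012-10-17"` and a list under `Statement:` in the inline policy for consistency with the other templates in the repo.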