Merge pull request #12

Updated CIS 3.2 and CIS 4.7
prasanna7401 · Jan 9, 2025 · 0c2bec9 · 0c2bec9
2 parents 6aa5ce4 + 0d4dfd3
commit 0c2bec9
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/main/cisPlaybook.py b/main/cisPlaybook.py
@@ -1609,7 +1609,7 @@ def cis_4_7(event, target_session, region, target_account_id, sns_topic_arn, log
     print(f"Task to be implemented on {target_account_id} in {region}")
 
     # --- REMEDIATION CODE ---
-    filter_pattern = '{ $.eventSource = kms* && $.errorMessage = "* is pending deletion."}'
+    filter_pattern = '{($.eventSource=kms.amazonaws.com) && (($.eventName=DisableKey) || ($.eventName=ScheduleKeyDeletion))}'
 
     # Important Variables
     filter_name = 'CMKDisablingDeletionFilter'

diff --git a/main/lambda_function.py b/main/lambda_function.py
@@ -175,10 +175,11 @@ def lambda_handler(event, context):
 
     # CIS 3.2 (CloudTrail log file validation should be enabled) -- AUTO-Remediation upon invoke
     if(security_control_id=="CloudTrail.4"):
-        trail_name = event['detail']['findings'][0]['Resources'][0]['Details']['AwsCloudTrailTrail']['Name']
+        # trail_name = event['detail']['findings'][0]['Resources'][0]['Details']['AwsCloudTrailTrail']['Name']
+        trail_arn = event['detail']['findings'][0]['Resources'][0]['Id']
         log_validation_status = event['detail']['findings'][0]['Resources'][0]['Details']['AwsCloudTrailTrail']['LogFileValidationEnabled']
         if not log_validation_status:
-            cis_3_2(event, target_session, region, target_account_id, sns_topic_arn, trail_name)
+            cis_3_2(event, target_session, region, target_account_id, sns_topic_arn, trail_arn)
 
     # CIS 3.3 (Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible) -- AUTO-Remediation upon invoke
     if(security_control_id=="CloudTrail.6"):