Merge pull request #863 from VakarisZ/security_hub_fixes

Security hub fixes
2020-12-08 16:37:36 +02:00 · 2020-12-08 16:37:36 +02:00 · 17ee823b08
parent ac71a3ecb5 d77819b2bb
commit 17ee823b08
4 changed files with 11 additions and 4 deletions
--- a/docs/content/usage/integrations/aws-security-hub.md
+++ b/docs/content/usage/integrations/aws-security-hub.md
@ -23,6 +23,13 @@ If the correct permissions have been set on the AWS IAM role of the Monkey Islan

 Note that the integration is specifically between your Monkey Island and the security hub. The Infection Monkey is an free project and there is no centralised infrastructure.

+### Enabling finding reception
+
+Before starting the scan, make sure that AWS Security Hub is accepting findings by enabling Infection Monkey
+ integration. Find **GuardiCore: AWS Infection Monkey** integration on the list and click on **Accept findings**.
+
+![Enabled integration](/images/usage/integrations/security-hub-enable-accepting-findings.png "Enabled integration")
+
 ## Integration details

 The Infection Monkey reports the following types of issues to the AWS security hub: `Software and Configuration Checks/Vulnerabilities/CVE`.
--- a/docs/static/images/usage/integrations/security-hub-enable-accepting-findings.png
+++ b/docs/static/images/usage/integrations/security-hub-enable-accepting-findings.png
--- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py
+++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
@ -6,13 +6,14 @@ import boto3
 from botocore.exceptions import UnknownServiceError

 from common.cloud.aws.aws_instance import AwsInstance
-from monkey_island.cc.environment import EnvironmentConfig
 from monkey_island.cc.services.reporting.exporter import Exporter

 __authors__ = ['maor.rayzin', 'shay.nehmad']

 logger = logging.getLogger(__name__)

+INFECTION_MONKEY_ARN = "324264561773:product/guardicore/aws-infection-monkey"
+

 class AWSExporter(Exporter):
    @staticmethod
@ -68,7 +69,7 @@ class AWSExporter(Exporter):
            # azure and conficker are not relevant issues for an AWS env
        }

-        configured_product_arn = EnvironmentConfig.get_from_file().aws.get('sec_hub_product_arn', '')
+        configured_product_arn = INFECTION_MONKEY_ARN
        product_arn = 'arn:aws:securityhub:{region}:{arn}'.format(region=region, arn=configured_product_arn)
        instance_arn = 'arn:aws:ec2:' + str(region) + ':instance:{instance_id}'
        # Not suppressing error here on purpose.
--- a/monkey/monkey_island/cc/services/reporting/exporter_init.py
+++ b/monkey/monkey_island/cc/services/reporting/exporter_init.py
@ -1,6 +1,5 @@
 import logging

-import monkey_island.cc.environment.environment_singleton as env_singleton
 from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
 from monkey_island.cc.services.reporting.aws_exporter import AWSExporter
 from monkey_island.cc.services.reporting.report_exporter_manager import \
@ -22,7 +21,7 @@ def try_add_aws_exporter_to_manager(manager):
    # noinspection PyBroadException
    try:
        RemoteRunAwsService.init()
-        if RemoteRunAwsService.is_running_on_aws() and ('aws' == env_singleton.env.get_deployment()):
+        if RemoteRunAwsService.is_running_on_aws():
            manager.add_exporter_to_list(AWSExporter)
    except Exception:
        logger.error("Failed adding aws exporter to manager. Exception info:", exc_info=True)