diff --git a/docs/content/usage/integrations/aws-security-hub.md b/docs/content/usage/integrations/aws-security-hub.md
index c03b12ec1..f708165fe 100644
--- a/docs/content/usage/integrations/aws-security-hub.md
+++ b/docs/content/usage/integrations/aws-security-hub.md
@@ -23,6 +23,13 @@ If the correct permissions have been set on the AWS IAM role of the Monkey Islan
 Note that the integration is specifically between your Monkey Island and the security hub. The Infection Monkey is an free project and there is no centralised infrastructure.
+### Enabling finding reception
+
+Before starting the scan, make sure that AWS Security Hub is accepting findings by enabling Infection Monkey
+ integration. Find **GuardiCore: AWS Infection Monkey** integration on the list and click on **Accept findings**.
+
+![Enabled integration](/images/usage/integrations/security-hub-enable-accepting-findings.png "Enabled integration")
+
 ## Integration details
 The Infection Monkey reports the following types of issues to the AWS security hub: `Software and Configuration Checks/Vulnerabilities/CVE`.
diff --git a/docs/static/images/usage/integrations/security-hub-enable-accepting-findings.png b/docs/static/images/usage/integrations/security-hub-enable-accepting-findings.png
new file mode 100644
index 000000000..9d4d99b4b
Binary files /dev/null and b/docs/static/images/usage/integrations/security-hub-enable-accepting-findings.png differ
diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
index 1ff69163e..1347775d0 100644
--- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py
+++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
@@ -6,13 +6,14 @@ import boto3
 from botocore.exceptions import UnknownServiceError
 from common.cloud.aws.aws_instance import AwsInstance
-from monkey_island.cc.environment import EnvironmentConfig
 from monkey_island.cc.services.reporting.exporter import Exporter
 __authors__ = ['maor.rayzin', 'shay.nehmad']
 logger = logging.getLogger(__name__)
+INFECTION_MONKEY_ARN = "324264561773:product/guardicore/aws-infection-monkey"
+
 class AWSExporter(Exporter):
 @staticmethod
@@ -68,7 +69,7 @@ class AWSExporter(Exporter):
 # azure and conficker are not relevant issues for an AWS env
 }
-configured_product_arn = EnvironmentConfig.get_from_file().aws.get('sec_hub_product_arn', '')
+configured_product_arn = INFECTION_MONKEY_ARN
 product_arn = 'arn:aws:securityhub:{region}:{arn}'.format(region=region, arn=configured_product_arn)
 instance_arn = 'arn:aws:ec2:' + str(region) + ':instance:{instance_id}'
 # Not suppressing error here on purpose.
diff --git a/monkey/monkey_island/cc/services/reporting/exporter_init.py b/monkey/monkey_island/cc/services/reporting/exporter_init.py
index f7f78714c..66413a064 100644
--- a/monkey/monkey_island/cc/services/reporting/exporter_init.py
+++ b/monkey/monkey_island/cc/services/reporting/exporter_init.py
@@ -1,6 +1,5 @@
 import logging
-import monkey_island.cc.environment.environment_singleton as env_singleton
 from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
 from monkey_island.cc.services.reporting.aws_exporter import AWSExporter
 from monkey_island.cc.services.reporting.report_exporter_manager import \
@@ -22,7 +21,7 @@ def try_add_aws_exporter_to_manager(manager):
 # noinspection PyBroadException
 try:
 RemoteRunAwsService.init()
-if RemoteRunAwsService.is_running_on_aws() and ('aws' == env_singleton.env.get_deployment()):
+if RemoteRunAwsService.is_running_on_aws():
 manager.add_exporter_to_list(AWSExporter)
 except Exception:
 logger.error("Failed adding aws exporter to manager. Exception info:", exc_info=True)
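Review bot: `INFECTION_MONKEY_ARN` holds only the `<account-id>:product/<provider>/<product>` tail of a Security Hub product ARN — the regional `arn:aws:securityhub:{region}:` prefix is prepended in the second hunk of this file — yet nothing at the declaration says so, so the name reads as a complete ARN. A comment such as `# Security Hub product identifier of the Infection Monkey integration (not a full ARN); the region-specific "arn:aws:securityhub:<region>:" prefix is added where the finding is built` would keep the next reader from passing it where a full ARN is expected. The constant also replaces the `sec_hub_product_arn` value that was previously read via EnvironmentConfig, so a server config that still sets that key is now silently ignored; I cannot see whether the config schema elsewhere still accepts it, but a one-time `logger.warning` when the key is present, or a line in the docs hunk, would make the removal visible to existing deployments.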
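Review bot: With the configurable lookup gone, the local `configured_product_arn` on the `+` line no longer describes anything configured and only forwards a module constant; folding it into the format call, `product_arn = 'arn:aws:securityhub:{region}:{arn}'.format(region=region, arn=INFECTION_MONKEY_ARN)`, removes the misleading name. The enclosing method starts and ends outside the hunk, so I cannot see whether `configured_product_arn` is referenced again further down; keep the variable if it is.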
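Review bot: Dropping the `'aws' == env_singleton.env.get_deployment()` condition turns the Security Hub exporter from an explicit opt-in into something registered on every Island that `is_running_on_aws()` reports as EC2-hosted, regardless of how it was deployed. The `except Exception` here only covers `init()` and the registration; if the export path raises when the instance role lacks the Security Hub permissions (the aws_exporter hunk's context line says errors there are deliberately not suppressed), report generation on such Islands may now fail where before the exporter was never added — I cannot see the export code, so this is inferred. At minimum log the decision, e.g. `logger.info("Island is running on AWS; registering AWSExporter for Security Hub")`, so operators can tell from the log why Security Hub calls appear. `try_add_aws_exporter_to_manager` begins before the hunk.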