This release focuses on performance by implementing multithreading, making Metahub run 10x faster!
That's not all:
MetaChecks
- New MetaChecks Resources:
AwsEc2Vpc,AwsEc2SubnetandAwsEc2RouteTable - New Drilled MetaChecks when:
its_associated_with_vpcs,its_associated_with_subnetsandits_associated_with_route_tablesacross resources - Fix:
it_has_public_access_block_enabledMetaCheck was always returning the public block's content, meaning it was always True for filters. - Fix:
is_principal_externalwas being executed even if trusted_accounts was empty, meaning always True because the account was never in an empty list. - Fix: AwsEc2Subnet bug
- Fix: AwsElasticsearchDomain bug
Lambda / Security Hub Custom Actions
- AWS Security Hub actions (
--enrich-findingsand--update-findings) can now be run without confirmation (--no-actions-confirmation) useful for automated workflows like Custom Actions/Lambdas - New Lambda Behaviour for AWS Security Hub custom actions: Lambda will now read the finding from the lambda event and will be executed for each finding in that event with Meta* enabled. It will enrich the finding back in Security Hub in an automated way.
- Enrich Findings functionality now converts MetaChecks to booleans to avoid reaching maximum size limitation from API and make the AWS Security Hub filters really useful.
- Enrich Findings functionality now also adds MetaTrails and MetaAccount.
- Terraform code for the Lambda improved: IAM policies, layers, etc.
Outputs
- Outputs folder is now part of the code to avoid errors with a fresh installation
- Fix statistics counting for resources
- Updated tabulator version for HTML reports
- HTML search by ARN
Others
- Remove unused modules
- Split MetaAccount code
- Implement Security Hub get_findings progress bar
Happy Hunting 🚀