Some improvements to the Enrichment feature and the Security Hub integration.
- Enrichment Function Improvements: When enriching a finding, all context categories (tags, account, config, associations, cloudtrail, and impact) are added by default, and this option is configurable using the configuration file. We now use the Criticality field for Impact Scoring.
- The Lambda function is no longer configured to enrich findings by default; you need to enable it in the code manually.
- Enabled 2 levels of recursion for some resource types, which seems to be safe and useful.
- The Terraform Code now creates the Security Hub custom action and connects it to the Lambda!
- The Terraform Code now creates Security Hub insights for some of the Impact metrics!
- Don't generate an error when there is no AWS Organization
- Standardizing the status output with the details