Some improvements to the Enrichment feature and the Security Hub integration.
- Enrichment Function Improvements: When enriching a finding, all context categories (tags, account, config, associations, cloudtrail, and impact) are added by default, and this option is configurable using the configuration file. We now use the
Criticalityfield forImpact Scoring. - The lambda function is no longer configured to enrich findings by default; you need to enable it in the code manually.
- Enabled 2 levels of recursion for some resource types, which seems to be safe and useful.
- The Terraform Code now creates the Security Hub custom action and connects it to the Lambda!
- The Terraform Code now creates Security Hub insights for some of the Impact metrics!
- Don't generate an error when there is no AWS Organization
- Standardizing the status output with the details