For this new version, we have a lot of improvements:
Impact
- owner is a new Impact condition: You can identify the Owner by Tags, Account ID, and Account Alias and assign an impact scoring for each owner.
- Some code improvements to the Impact module for re-using code
- You can now evaluate Application by Account ID or Alias (in addition to tags)
- The findings key is now under impact, with the scoring based on findings we will use as part of the final scoring calculation. Expanding this key, you get the details of how many findings we count and their severities.
- The statistics module was improved; now you can get statistics for every impact condition.
Context
- There are new resources like AwsAthenaWorkGroup and new associations for the resource AwsEc2Volume.
- Some improvements to the code for performance and recursion protection.
HTML
- The HTML report for Impact scoring now shows the number instead of the progress bar, making it easier to understand the difference between each row.
- There is a new widget for grouping findings by Impact scoring at the top of the HTML report.
Others
- Ignore not found errors for AwsIamPolicy resource
- Fix incorrect ARNs generated by AWS tools
Security Hub
- The Lambda code for the Security Hub custom action will now execute by applying a filter by ResourceId, instead of Finding Id. This way, for one finding, we can calculate the impact scoring based on all the other findings affecting the same finding.
- Adding Security Hub Insights for Access and Status as part of the Terraform Code
Happy Hunting!
What's Changed
- add_AwsEc2Volume_associations by @gabrielsoltz in #67
- add-resource-AwsAthenaWorkGroup by @gabrielsoltz in #68
- documentation by @gabrielsoltz in #69
- Add Impact Statistics by @gabrielsoltz in #70
- switch-impact-to-number by @gabrielsoltz in #71
- Improve recursion protection and others by @gabrielsoltz in #72
- New Impact Owner key and improvements by @gabrielsoltz in #73
- Impact Findings Improvements by @gabrielsoltz in #74
- lambda-execute-by-resource-id by @gabrielsoltz in #75
Full Changelog: v2.2.0...v2.3.0