A config rule that checks whether GuardDuty has untreated findings. The rule is NON_COMPLIANT if GuardDuty has an untreated finding older than X days.

This configuration will create a Lambda Function for the Custom Config Rule, as well as the supporting IAM Role to allow the execution of the function.

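AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  # Custom AWS Config rule, evaluated on a 24-hour schedule against the
  # account as a whole (scope AWS::::Account). The evaluation logic lives in
  # the Lambda function below; this resource only wires it into Config.
  CustomConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: guardduty_untreated_findings
      Scope:
        ComplianceResourceTypes:
          - 'AWS::::Account'
      Description: A config rule that checks whether GuardDuty has untreated findings. The rule is NON_COMPLIANT if the GuardDuty has untreated finding older than X days.
      # Per-severity age thresholds in days, handed to the Lambda as strings.
      # How they are applied is decided by the Lambda code (not shown here);
      # presumably a finding of a given severity left open longer than the
      # matching value makes the account NON_COMPLIANT.
      InputParameters:
        daysLowSev: '30'
        daysMediumSev: '7'
        daysHighSev: '1'
      Source:
        Owner: CUSTOM_LAMBDA
        SourceIdentifier:
          'Fn::GetAtt':
            - LambdaFunctionCustomConfigRule
            - Arn
        SourceDetails:
          - EventSource: aws.config
            # Periodic trigger only (no configuration-change trigger), so a new
            # finding is reported at most ~24 hours after crossing its threshold.
            MessageType: ScheduledNotification
            MaximumExecutionFrequency: TwentyFour_Hours
    # The invoke permission must exist before Config validates the rule source.
    DependsOn: LambdaInvokePermissionsCustomConfigRule
  # Resource-based policy letting the Config service invoke the Lambda.
  LambdaInvokePermissionsCustomConfigRule:
    Type: 'AWS::Lambda::Permission'
    Properties:
      FunctionName:
        'Fn::GetAtt':
          - LambdaFunctionCustomConfigRule
          - Arn
      Action: 'lambda:InvokeFunction'
      Principal: config.amazonaws.com
      # Limit the grant to Config acting on behalf of this account only; without
      # it any account's Config service could invoke the function through the
      # service principal (confused-deputy scenario).
      SourceAccount:
        Ref: 'AWS::AccountId'
  # Lambda that performs the evaluation and reports results back to Config.
  LambdaFunctionCustomConfigRule:
    Type: 'AWS::Lambda::Function'
    Properties:
      # Fixed name: only one deployment of this template per account/region.
      FunctionName: LambdaForguardduty_untreated_findings
      Handler: index.lambda_handler
      Role:
        'Fn::GetAtt':
          - LambdaIamRoleCustomConfigRule
          - Arn
      # NOTE(review): confirm python3.9 is still a supported Lambda runtime in
      # the target region before deploying; the function code (index.py) is not
      # part of this template, so a runtime bump needs to be tested against it.
      Runtime: python3.9
      Code:
        # The deployment package is pulled from an externally owned bucket that
        # this template does not create. Treat it as a supply-chain dependency:
        # verify the artifact (e.g. review the unpacked source / pin a known
        # object version) before trusting the rule's verdicts.
        S3Bucket:
          'Fn::Sub':
            - 'asecure-cloud-cf-aux-${Region}'
            - Region:
                Ref: 'AWS::Region'
        S3Key: GUARDDUTY_UNTREATED_FINDINGS.zip
      # Seconds; generous to allow paging through many GuardDuty findings.
      Timeout: 300
    DependsOn: LambdaIamRoleCustomConfigRule
  # Execution role for the Lambda. Only AWS-managed policies are attached:
  # read-only GuardDuty access, the Config rules execution role (so the
  # function can submit evaluations), and basic execution (CloudWatch Logs).
  LambdaIamRoleCustomConfigRule:
    Type: 'AWS::IAM::Role'
    Properties:
      # Explicit RoleName requires CAPABILITY_NAMED_IAM at stack creation and
      # makes the role name unique per account (one stack per account).
      RoleName: IAMRoleForguardduty_untreated_findingsgba
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/AmazonGuardDutyReadOnlyAccess'
        - 'arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole'
        - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
# No parameters, metadata or conditions are used; kept explicit as empty maps.
Parameters: {}
Metadata: {}
Conditions: {}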
