reverted pr, added testevent

securityhub-forwarder/sam/packaged.yaml

@@ -1,28 +1,48 @@
 AWSTemplateFormatVersion: '2010-09-09'
+Transform: AWS::Serverless-2016-10-31
 Description: 'This function is invoked by Sumo Logic(via Scheduled Search) through
   API Gateway. The event payload received is then forwarded to AWS Security Hub.
 
   '
-Outputs:
-  SecurityHubForwarderApiUrl:
-    Description: URL of your API endpoint
-    Value:
-      Fn::Sub: https://${SecurityHubForwarderApiGateway}.execute-api.${AWS::Region}.amazonaws.com/prod/findings
-  SecurityHubForwarderFunction:
-    Description: SecurityHubForwarder Function ARN
-    Value:
-      Fn::GetAtt:
-      - SecurityHubForwarderFunction
-      - Arn
+Metadata:
+  AWS::ServerlessRepo::Application:
+    Author: Sumo Logic
+    Description: This lambda function is used for importing findings from Sumo Logic
+      to AWS Security Hub. The function is invoked by Sumo Logic(via Scheduled Search)
+      through API Gateway. The event payload received is then forwarded to AWS Security
+      Hub.
+    HomePageUrl: https://github.com/SumoLogic/sumologic-aws-lambda
+    Labels:
+    - sumologic
+    - serverless
+    - security
+    - cloudwatchevents
+    - securityhub
+    Name: sumologic-securityhub-forwarder
+    LicenseUrl: s3://appdevstore/SecurityHubForwarder/v1.0.9/6092dd6c323e33634657102f570628e0
+    ReadmeUrl: s3://appdevstore/SecurityHubForwarder/v1.0.9/56f774fe371f787c17ec137a47c93138
+    SemanticVersion: 1.0.9
+    SourceCodeUrl: https://github.com/SumoLogic/sumologic-aws-lambda/tree/master/securityhub-forwarder
+    SpdxLicenseId: Apache-2.0
 Resources:
   SecurityHubForwarderApiGateway:
+    Type: AWS::Serverless::Api
     Properties:
+      StageName: prod
+      EndpointConfiguration: EDGE
       DefinitionBody:
+        swagger: '2.0'
         info:
-          description: API endpoint for invoking SecurityHubForwarderFunction
           title:
             Ref: AWS::StackName
+          description: API endpoint for invoking SecurityHubForwarderFunction
           version: 1.0.0
+        securityDefinitions:
+          sigv4:
+            type: apiKey
+            name: Authorization
+            in: header
+            x-amazon-apigateway-authtype: awsSigv4
         paths:
           /findings:
             post:
@@ -34,46 +54,50 @@ Resources:
               security:
               - sigv4: []
               x-amazon-apigateway-integration:
-                httpMethod: POST
-                passthroughBehavior: when_no_match
-                requestParameters:
-                  integration.request.header.X-Amz-Invocation-Type: '''RequestResponse'''
                 type: aws_proxy
                 uri:
                   Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${SecurityHubForwarderFunction.Arn}/invocations
-        securityDefinitions:
-          sigv4:
-            in: header
-            name: Authorization
-            type: apiKey
-            x-amazon-apigateway-authtype: awsSigv4
-        swagger: '2.0'
-      EndpointConfiguration: EDGE
-      StageName: prod
-    Type: AWS::Serverless::Api
+                passthroughBehavior: when_no_match
+                httpMethod: POST
+                requestParameters:
+                  integration.request.header.X-Amz-Invocation-Type: '''RequestResponse'''
+    Metadata:
+      SamResourceId: SecurityHubForwarderApiGateway
   SecurityHubForwarderFunction:
+    Type: AWS::Serverless::Function
     Properties:
-      CodeUri: s3://appdevstore/98ee274ed4543bd1e1344fec701211df
-      Events:
-        Api1:
-          Properties:
-            Method: POST
-            Path: /findings
-            RestApiId:
-              Ref: SecurityHubForwarderApiGateway
-          Type: Api
       Handler: securityhub_forwarder.lambda_handler
+      Runtime: python3.7
       Layers:
       - Fn::Sub: arn:aws:lambda:${AWS::Region}:956882708938:layer:securityhub_deps:1
+      CodeUri: s3://appdevstore/SecurityHubForwarder/v1.0.9/3589bbeb5907b695780f650d5374a74d
       MemorySize: 128
+      Timeout: 300
       Policies:
       - Statement:
-        - Action:
-          - securityhub:BatchImportFindings
+        - Sid: SecurityHubImportFindingsPolicy
           Effect: Allow
+          Action:
+          - securityhub:BatchImportFindings
           Resource: arn:aws:securityhub:*:*:*
-          Sid: SecurityHubImportFindingsPolicy
-      Runtime: python3.7
-      Timeout: 300
-    Type: AWS::Serverless::Function
-Transform: AWS::Serverless-2016-10-31
+      Events:
+        Api1:
+          Type: Api
+          Properties:
+            Path: /findings
+            Method: POST
+            RestApiId:
+              Ref: SecurityHubForwarderApiGateway
+    Metadata:
+      SamResourceId: SecurityHubForwarderFunction
+Outputs:
+  SecurityHubForwarderFunction:
+    Description: SecurityHubForwarder Function ARN
+    Value:
+      Fn::GetAtt:
+      - SecurityHubForwarderFunction
+      - Arn
+  SecurityHubForwarderApiUrl:
+    Description: URL of your API endpoint
+    Value:
+      Fn::Sub: https://${SecurityHubForwarderApiGateway}.execute-api.${AWS::Region}.amazonaws.com/prod/findings

securityhub-forwarder/sam/sam_package.sh

@@ -8,10 +8,18 @@ else
     SAM_S3_BUCKET="cf-templates-5d0x5unchag-us-east-2"
     AWS_REGION="us-east-2"
 fi
+version="1.0.9"
 
-sam package --template-file template.yaml --s3-bucket $SAM_S3_BUCKET  --output-template-file packaged.yaml
+echo "Creating package.yaml"
+sam package --template-file template.yaml --s3-bucket $SAM_S3_BUCKET  --output-template-file packaged.yaml --s3-prefix "SecurityHubForwarder/v"$version --region $AWS_REGION --profile $AWS_PROFILE
 
-sam deploy --template-file packaged.yaml --stack-name testingsecurityhubforwarder --capabilities CAPABILITY_IAM --region $AWS_REGION
+echo "Publishing sumologic-securityhub-forwarder "$version
+sam publish --template packaged.yaml --region $AWS_REGION --semantic-version $version
+
+echo "Published sumologic-securityhub-forwarder "$version
+
+# sam deploy --template-file packaged.yaml --stack-name testingsechubforwarder --capabilities CAPABILITY_IAM --region $AWS_REGION
 #aws cloudformation describe-stack-events --stack-name testingsecurityhublambda --region $AWS_REGION
 #aws cloudformation get-template --stack-name testingsecurityhublambda  --region $AWS_REGION
 # aws serverlessrepo create-application-version --region us-east-1 --application-id arn:aws:serverlessrepo:us-east-1:$AWS_ACCOUNT_ID:applications/sumologic-securityhub-forwarder --semantic-version 1.0.1 --template-body file://packaged.yaml
+

securityhub-forwarder/sam/template.yaml

@@ -2,6 +2,23 @@ AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: >
     This function is invoked by Sumo Logic(via Scheduled Search) through API Gateway. The event payload received is then forwarded to AWS Security Hub.
+Metadata:
+  AWS::ServerlessRepo::Application:
+    Author: Sumo Logic
+    Description: This lambda function is used for importing findings from Sumo Logic to AWS Security Hub. The function is invoked by Sumo Logic(via Scheduled Search) through API Gateway. The event payload received is then forwarded to AWS Security Hub.
+    HomePageUrl: https://github.com/SumoLogic/sumologic-aws-lambda
+    Labels:
+    - sumologic
+    - serverless
+    - security
+    - cloudwatchevents
+    - securityhub
+    Name: sumologic-securityhub-forwarder
+    LicenseUrl: ../LICENSE
+    ReadmeUrl: ../README.md
+    SemanticVersion: 1.0.9
+    SourceCodeUrl: https://github.com/SumoLogic/sumologic-aws-lambda/tree/master/securityhub-forwarder
+    SpdxLicenseId: Apache-2.0
 
 Resources:
   SecurityHubForwarderApiGateway:

securityhub-forwarder/test/testevent.json

@@ -0,0 +1,3 @@
+{
+   "body":"{\"Types\": \"Software and Configuration Checks\/Industry and Regulatory Standards\/HIPAA Controls\", \"Description\": \"This search gives top 10 resources which are accessed in last 15 minutes\", \"GeneratorID\": \"InsertFindingsScheduledSearch\", \"Severity\": 30, \"SourceUrl\": \"https:\/\/service.sumologic.com\/ui\/#\/search\/RmC8kAUGZbXrkj2rOFmUxmHtzINUgfJnFplh3QWY\", \"ComplianceStatus\": \"FAILED\", \"Rows\": \"[{\\\"Timeslice\\\":1545042427000,\\\"finding_time\\\":\\\"1545042427000\\\",\\\"item_name\\\":\\\"A nice dashboard.png\\\",\\\"title\\\":\\\"Vulnerability: Apple iTunes m3u Playlist File Title Parsing Buffer Overflow Vulnerability(34886) found on 207.235.176.3\\\",\\\"resource_id\\\":\\\"10.178.11.43\\\",\\\"resource_type\\\":\\\"Other\\\"},{\\\"Timeslice\\\":\\\"1545042427000\\\",\\\"finding_time\\\":\\\"1545042427000\\\",\\\"item_name\\\":\\\"Screen Shot 2014-07-30 at 11.39.29 PM.png\\\",\\\"title\\\":\\\"PCI Req 01: Traffic to Cardholder Environment: Direct external traffic to secure port on 10.178.11.43\\\",\\\"resource_id\\\":\\\"10.178.11.42\\\",\\\"resource_type\\\":\\\"AwsEc2Instance\\\"},{\\\"Timeslice\\\":\\\"1545042427000\\\",\\\"finding_time\\\":\\\"1545042427000\\\",\\\"item_name\\\":\\\"10388049_589057504526630_2031213996_n.jpg\\\",\\\"title\\\":\\\"Test Check Success for  207.235.176.5\\\",\\\"resource_id\\\":\\\"10.178.11.41\\\",\\\"resource_type\\\":\\\"Other\\\"}]\"}"
+}

securityhub-org/sumologic-securityhub-collector-awsorg/sam/packaged.yaml

@@ -21,9 +21,9 @@ Metadata:
     - cloudwatchevents
     - securityhub
     Name: sumologic-securityhub-connector-aws-org
-    LicenseUrl: s3://appdevstore/6092dd6c323e33634657102f570628e0
-    ReadmeUrl: s3://appdevstore/eb911876461845db8f3113dbace6d454
-    SemanticVersion: 1.0.0
+    LicenseUrl: s3://appdevstore/SecurityHubCollectorAWSOrg/v1.0.3/6092dd6c323e33634657102f570628e0
+    ReadmeUrl: s3://appdevstore/SecurityHubCollectorAWSOrg/v1.0.3/eb911876461845db8f3113dbace6d454
+    SemanticVersion: 1.0.3
     SourceCodeUrl: https://github.com/SumoLogic/sumologic-aws-lambda/tree/master/securityhub-org/sumologic-securityhub-connector-aws-org
     SpdxLicenseId: Apache-2.0
 Parameters:
@@ -37,11 +37,14 @@ Resources:
         rules_to_suppress:
         - id: W89
           reason: Lambda functions should be deployed inside a VPC
+      SamResourceId: SecurityHubCollectorAwsOrg
     Type: AWS::Serverless::Function
     Properties:
+      Layers:
+      - Fn::Sub: arn:aws:lambda:${AWS::Region}:956882708938:layer:securityhub_deps:1
       Handler: securityhub_collector_org.lambda_handler
       Runtime: python3.7
-      CodeUri: s3://appdevstore/c2ebca31013ee83ec84396c7df8c50a0
+      CodeUri: s3://appdevstore/SecurityHubCollectorAWSOrg/v1.0.3/b247f4f0bdd1aa0aca27ac7092c138ee
       MemorySize: 128
       Timeout: 300
       ReservedConcurrentExecutions: 100

securityhub-org/sumologic-securityhub-collector-awsorg/sam/sam_package.sh

@@ -6,11 +6,18 @@ else
     SAM_S3_BUCKET="appdevstore20211221-prod"
     AWS_REGION="us-east-1"
 fi
-sam package --template-file template.yaml --s3-bucket $SAM_S3_BUCKET  --output-template-file packaged.yaml
 
-sam publish --template packaged.yaml --region us-east-1
+version="1.0.3"
 
-# sam deploy --template-file packaged.yaml --stack-name testingsecurityhubcollectorawsorg --capabilities CAPABILITY_IAM --region $AWS_REGION --parameter-overrides ParameterKey=SumoEndpoint,ParameterValue=https://endpoint6.collection.us2.sumologic.com/receiver/v1/http/
+echo "Creating package.yaml"
+sam package --template-file template.yaml --s3-bucket $SAM_S3_BUCKET  --output-template-file packaged.yaml --s3-prefix "SecurityHubCollectorAWSOrg/v"$version --region $AWS_REGION --profile $AWS_PROFILE
+
+echo "Publishing sumologic-securityhub-forwarder "$version
+sam publish --template packaged.yaml --region $AWS_REGION --semantic-version $version
+
+echo "Published sumologic-securityhub-forwarder "$version
+
+# sam deploy --template-file packaged.yaml --stack-name testingsechubawsorg --capabilities CAPABILITY_IAM --region $AWS_REGION --parameter-overrides ParameterKey=SumoEndpoint,ParameterValue=https://collectors.sumologic.com/receiver/v1/http/ZaVnC4dhaV29FhnR-VQyA9mpray7QOE0aRQrtZnuNmMQ0DKr9ZVMGY5WIa0IWSjt_LkiUSjI71WGiDHRHStqwCApBp_49e_W-b6gM0_KnZlxBUBe-1yTFw==
 
 #aws --profile awsorg cloudformation describe-stack-events --stack-name testingsecurityhubcollectorawsorg --region $AWS_REGION
 #aws --profile awsorg cloudformation get-template --stack-name testingsecurityhubcollectorawsorg  --region $AWS_REGION

securityhub-org/sumologic-securityhub-collector-awsorg/sam/template.yaml

@@ -20,7 +20,7 @@ Metadata:
     Name: sumologic-securityhub-connector-aws-org
     LicenseUrl: ../LICENSE
     ReadmeUrl: ../README.md
-    SemanticVersion: 1.0.0
+    SemanticVersion: 1.0.3
     SourceCodeUrl: https://github.com/SumoLogic/sumologic-aws-lambda/tree/master/securityhub-org/sumologic-securityhub-connector-aws-org
     SpdxLicenseId: Apache-2.0
 
@@ -39,6 +39,8 @@ Resources:
             reason: "Lambda functions should be deployed inside a VPC"  
     Type: 'AWS::Serverless::Function'
     Properties:
+      Layers:
+        - !Sub 'arn:aws:lambda:${AWS::Region}:956882708938:layer:securityhub_deps:1'
       Handler: securityhub_collector_org.lambda_handler
       Runtime: python3.7
       CodeUri: ../src/

securityhub-org/sumologic-securityhub-collector-awsorg/src/securityhub_collector_org.py

@@ -50,7 +50,7 @@ def lambda_handler(event, context):
 
 if __name__ == '__main__':
 
-    event = json.load(open('../sam/event.json'))
+    event = json.load(open('../test/testevent.json'))
     BUCKET_NAME = "securityhubfindings"
 
     class context: