Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[rules] Added AWS Config Compliance and Remediation Rules #1140

Merged
merged 1 commit into from
Mar 10, 2020
Merged

[rules] Added AWS Config Compliance and Remediation Rules #1140

merged 1 commit into from
Mar 10, 2020

Conversation

jack1902
Copy link
Contributor

to: @ryandeivert
cc: @airbnb/streamalert-maintainers
related to:
resolves:

Background

Added Rules to trigger alerts on AWS Config NON_COMPLIANT and when Config Remediation takes place

Changes

  • Added rule to Alert on AWS Config NON_COMPLIANT
  • Added rule to Alert on AWS Config Remediation (this is extremely useful to notify people they got auto-remediated so they don't go crazy when things just suddenly change on them)

Testing

  • Added the .json file to run ./manage test rules Rules engine passes :)
  • Ran ./tests/scripts/pylint.sh Fixed errors
  • Ran ./tests/scripts/unit_tests.sh

@coveralls
Copy link

coveralls commented Feb 20, 2020

Coverage Status

Coverage remained the same at 95.427% when pulling e3cfa59 on jack1902:rules/aws_config into fcdf0a8 on airbnb:release-3-1-0.

@jack1902
Copy link
Contributor Author

jack1902 commented Feb 20, 2020

Alternatively, this could be placed under rules/community/config/ with names like compliance.py and remediation.py this then makes one rule per file under the service within AWS. This would make it easier to break down test files to trigger ONE rule instead of multiple since the test files currently map to the rules folder.

This is a wider structure question which i'm happy to put into a seperate issue as i see rules/community/cloudtrail potentially ballooning into a lot of files making it difficult to track specific things down

@Ryxias Ryxias added this to the 3.1.0 milestone Feb 20, 2020
@Ryxias Ryxias added the rules label Feb 20, 2020
rules/matchers/matchers.py Outdated Show resolved Hide resolved
* Aws prefix added to relevant matchers

Signed-off-by: jack1902 <39212456+jack1902@users.noreply.github.com>
@Ryxias Ryxias merged commit f8a9da4 into airbnb:release-3-1-0 Mar 10, 2020
@jack1902 jack1902 deleted the rules/aws_config branch March 10, 2020 21:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants