
Commit 609f737

Merge pull request #14452 from Azure/v-shukore/awssecurityhub
added workbookmetadata for awssecuritycompliance workbook
2 parents c475979 + 80da46e commit 609f737

11 files changed

Lines changed: 50 additions & 32 deletions
174 Bytes
Binary file not shown.

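--- a/Solutions/AWS Security Hub/Package/createUiDefinition.json
+++ b/Solutions/AWS Security Hub/Package/createUiDefinition.json
@@ -110,7 +110,7 @@
 "name": "workbook1-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
-"text": "Configure AWS Security Hub Compliance Workbook"
+"text": "Gain insights into AWS Security Hub compliance findings imported into Microsoft Sentinel. View compliance trends, severity distribution, top finding types, and audit logs."
 }
 }
 ]
@@ -327,8 +327,7 @@
 "outputs": {
 "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
 "location": "[location()]",
-"workspace": "[basics('workspace')]",
-"workbook1-name": "AWSSecurityHubComplianceWorkbook.json"
+"workspace": "[basics('workspace')]"
 }
 }
 }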

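--- a/Solutions/AWS Security Hub/Package/mainTemplate.json
+++ b/Solutions/AWS Security Hub/Package/mainTemplate.json
@@ -30,7 +30,7 @@
 },
 "workbook1-name": {
 "type": "string",
-"defaultValue": null,
+"defaultValue": "AWS Security Hub Compliance Workbook",
 "minLength": 1,
 "metadata": {
 "description": "Name for the workbook"
@@ -58,8 +58,8 @@
 "_solutionVersion": "3.0.3",
 "solutionId": "azuresentinel.azure-sentinel-solution-awssecurityhub",
 "_solutionId": "[variables('solutionId')]",
-"workbookVersion1": "",
-"workbookContentId1": "",
+"workbookVersion1": "1.0.0",
+"workbookContentId1": "AWSSecurityHubComplianceWorkbook",
 "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]",
 "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]",
 "_workbookContentId1": "[variables('workbookContentId1')]",
@@ -144,7 +144,7 @@
 "huntingQueryTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('d5818873-a2ab-4467-8e97-60fe56ca10cc')))]"
 },
 "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]",
-"ComplianceControlId": "ComplianceSecurityControlId",
+"ComplianceControlId": "ComplianceSecurityControlId",
 "_ComplianceControlId": "[variables('ComplianceControlId')]",
 "FindingId": "AwsSecurityFindingId",
 "_FindingId": "[variables('FindingId')]"
@@ -173,7 +173,7 @@
 "kind": "shared",
 "apiVersion": "2021-08-01",
 "metadata": {
-"description": ""
+"description": "Gain insights into AWS Security Hub compliance findings imported into Microsoft Sentinel. View compliance trends, severity distribution, top finding types, and audit logs."
 },
 "properties": {
 "displayName": "[parameters('workbook1-name')]",
@@ -188,7 +188,7 @@
 "apiVersion": "2022-01-01-preview",
 "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]",
 "properties": {
-"description": ".description",
+"description": "@{workbookKey=AWSSecurityHubComplianceWorkbook; logoFileName=Aws.svg; description=Gain insights into AWS Security Hub compliance findings imported into Microsoft Sentinel. View compliance trends, severity distribution, top finding types, and audit logs.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=AWS Security Hub Compliance Workbook; templateRelativePath=AWSSecurityHubComplianceWorkbook.json; subtitle=; provider=AWS Security Hub}.description",
 "parentId": "[variables('workbookId1')]",
 "contentId": "[variables('_workbookContentId1')]",
 "kind": "Workbook",
@@ -916,9 +916,9 @@
 }
 ],
 "customDetails": {
-"ComplianceControlId": "[variables('_ComplianceControlId')]",
 "Region": "AwsRegion",
-"FindingId": "[variables('_FindingId')]"
+"FindingId": "[variables('_FindingId')]",
+"ComplianceControlId": "[variables('_ComplianceControlId')]"
 },
 "alertDetailsOverride": {
 "alertDescriptionFormat": "AWS CloudTrail trail ({{TrailId}}) lacks customer-managed KMS encryption for Account {{AwsAccountId}}.",
@@ -1046,11 +1046,11 @@
 }
 ],
 "customDetails": {
-"OpenHighRiskPorts": "OpenHighRiskPorts",
-"ComplianceControlId": "[variables('_ComplianceControlId')]",
 "Region": "AwsRegion",
 "SecurityGroupId": "SecurityGroupId",
-"FindingId": "[variables('_FindingId')]"
+"OpenHighRiskPorts": "OpenHighRiskPorts",
+"FindingId": "[variables('_FindingId')]",
+"ComplianceControlId": "[variables('_ComplianceControlId')]"
 },
 "alertDetailsOverride": {
 "alertDescriptionFormat": "EC2 Security group {{SecurityGroupId}} allows unrestricted (0.0.0.0/0 or ::/0) ingress to high-risk ports: {{OpenHighRiskPorts}}. Restrict or remove the offending rules.",
@@ -1171,9 +1171,9 @@
 }
 ],
 "customDetails": {
-"ComplianceControlId": "[variables('_ComplianceControlId')]",
 "Region": "AwsRegion",
-"FindingId": "[variables('_FindingId')]"
+"FindingId": "[variables('_FindingId')]",
+"ComplianceControlId": "[variables('_ComplianceControlId')]"
 },
 "alertDetailsOverride": {
 "alertDescriptionFormat": "AWS Account {{AwsAccountId}} has IAM Policy {{IAMPolicyId}} with full administrative privileges.",
@@ -1296,10 +1296,10 @@
 }
 ],
 "customDetails": {
-"ComplianceControlId": "[variables('_ComplianceControlId')]",
 "Region": "AwsRegion",
 "RootUserARN": "RootUserARN",
-"FindingId": "[variables('_FindingId')]"
+"FindingId": "[variables('_FindingId')]",
+"ComplianceControlId": "[variables('_ComplianceControlId')]"
 },
 "alertDetailsOverride": {
 "alertDescriptionFormat": "AWS Account {{AwsAccountId}} has root user without MFA (Resource: {{RootUserARN}}).",
@@ -1422,10 +1422,10 @@
 }
 ],
 "customDetails": {
-"ComplianceControlId": "[variables('_ComplianceControlId')]",
 "Region": "AwsRegion",
 "RootUserARN": "RootUserARN",
-"FindingId": "[variables('_FindingId')]"
+"FindingId": "[variables('_FindingId')]",
+"ComplianceControlId": "[variables('_ComplianceControlId')]"
 },
 "alertDetailsOverride": {
 "alertDescriptionFormat": "AWS Account {{AwsAccountId}} has a root user access key (Resource: {{RootUserARN}}).",
@@ -1552,9 +1552,9 @@
 }
 ],
 "customDetails": {
-"ComplianceControlId": "[variables('_ComplianceControlId')]",
 "Region": "AwsRegion",
-"FindingId": "[variables('_FindingId')]"
+"FindingId": "[variables('_FindingId')]",
+"ComplianceControlId": "[variables('_ComplianceControlId')]"
 },
 "alertDetailsOverride": {
 "alertDescriptionFormat": "AWS Account {{AwsAccountId}} has an SQS queue ({{QueueArn}}) without server-side encryption enabled. Enable KMS encryption to protect message data at rest.",
@@ -1680,10 +1680,10 @@
 }
 ],
 "customDetails": {
-"ComplianceControlId": "[variables('_ComplianceControlId')]",
 "Region": "AwsRegion",
 "QueueArn": "QueueArn",
-"FindingId": "[variables('_FindingId')]"
+"FindingId": "[variables('_FindingId')]",
+"ComplianceControlId": "[variables('_ComplianceControlId')]"
 },
 "alertDetailsOverride": {
 "alertDescriptionFormat": "AWS Account {{AwsAccountId}} has an SQS queue ({{QueueArn}}) with a policy permitting public access. Review and restrict the queue access policy.",
@@ -1798,9 +1798,9 @@
 }
 ],
 "customDetails": {
-"ComplianceControlId": "[variables('_ComplianceControlId')]",
 "Region": "AwsRegion",
-"FindingId": "[variables('_FindingId')]"
+"FindingId": "[variables('_FindingId')]",
+"ComplianceControlId": "[variables('_ComplianceControlId')]"
 },
 "alertDetailsOverride": {
 "alertDescriptionFormat": "AWS Account {{AwsAccountId}} has SSM documents with public sharing enabled. Disable public sharing setting to prevent unintended exposure of automation documents.",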
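Review bot: The new `description` on the workbook metadata resource (new line 191, hunk `@@ -188,7 +188,7 @@`) is a stringified object dump, `@{workbookKey=...; dataTypesDependencies=System.Object[]; ...}.description`, rather than the description text. Judging by the `System.Object[]` placeholders and the trailing `.description`, the packaging step probably interpolated the whole metadata object instead of its `description` property; the old value `.description` looks like the same fault with an empty object. As written, the deployed metadata resource carries packaging-side fields such as `logoFileName` and `templateRelativePath` in a field meant for display text. I would replace it with the sentence already used on new line 176, `"description": "Gain insights into AWS Security Hub compliance findings imported into Microsoft Sentinel. View compliance trends, severity distribution, top finding types, and audit logs.",`, and correct the generator input so the next package build does not reintroduce the dump. The enclosing resource object starts and ends outside this hunk.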

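--- a/Solutions/AWS Security Hub/Package/testParameters.json
+++ b/Solutions/AWS Security Hub/Package/testParameters.json
@@ -23,7 +23,7 @@
 },
 "workbook1-name": {
 "type": "string",
-"defaultValue": null,
+"defaultValue": "AWS Security Hub Compliance Workbook",
 "minLength": 1,
 "metadata": {
 "description": "Name for the workbook"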
Lines changed: 3 additions & 0 deletions
130 KB
136 KB
147 KB
183 KB
200 KB
