From eab03adac81bb3474fdc1231a22d83a0e2f0e771 Mon Sep 17 00:00:00 2001
From: pozeus
Date: Tue, 4 Aug 2020 10:22:14 +0200
Subject: [PATCH] Fixing KeyError details Lambdas CIS_2-9_RR & CIS_1-3_1-4_RR

When executing Lambdas for CIS 2.9, CIS 1.3 and CIS 1.4 you get "[ERROR] KeyError: 'Details'" due to params "nonRotatedKeyUser" and "noncompliantVPC" not being formatted in same way as the CloudWatch event. Combination of above solves this issue.
---
 SecurityHub_CISPlaybooks_CloudFormation.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/SecurityHub_CISPlaybooks_CloudFormation.yaml b/SecurityHub_CISPlaybooks_CloudFormation.yaml
index c7f8281..6ba50d4 100644
--- a/SecurityHub_CISPlaybooks_CloudFormation.yaml
+++ b/SecurityHub_CISPlaybooks_CloudFormation.yaml
@@ -100,7 +100,7 @@ Resources:
 import datetime
 import os
 def lambda_handler(event, context):
- nonRotatedKeyUser = str(event['detail']['findings'][0]['Resources'][0]['Details']['Other']['userName'])
+ nonRotatedKeyUser = str(event['detail']['findings'][0]['Resources'][0]['Id']).rsplit('/', 1)[-1]
 findingId = str(event['detail']['findings'][0]['Id'])
 lambdaFunctionName = os.environ['AWS_LAMBDA_FUNCTION_NAME']
 # Create bot3 clients and resource
@@ -1024,7 +1024,7 @@ Resources:
 import os
 def lambda_handler(event, context):
 # Grab non-logged VPC ID from Security Hub finding
- noncompliantVPC = str(event['detail']['findings'][0]['Resources'][0]['Details']['Other']['vpcId'])
+ noncompliantVPC = str(event['detail']['findings'][0]['Resources'][0]['Id']).rsplit('/', 1)[-1]
 findingId = str(event['detail']['findings'][0]['Id'])
 # import lambda runtime vars
 lambdaFunctionName = os.environ['AWS_LAMBDA_FUNCTION_NAME']
@@ -1714,4 +1714,4 @@ Resources:
 SourceArn:
 Fn::GetAtt:
 - "CIS43RREventRule"
- - "Arn"
\ No newline at end of file
+ - "Arn"
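Review bot: The new `nonRotatedKeyUser` assignment in the first hunk assumes `Resources[0]['Id']` is an IAM user ARN, but `rsplit('/', 1)[-1]` returns the whole string unchanged when the Id contains no `/`, so a finding whose first resource is of another kind would pass a non-user value on to the rest of the handler. The same pattern is used for `noncompliantVPC` in the second hunk. Because these Lambdas appear to perform automated remediation, I would check the resource before acting on it, for example `if event['detail']['findings'][0]['Resources'][0].get('Type') != 'AwsIamUser': raise ValueError('unexpected resource type')` in the first handler and `if not noncompliantVPC.startswith('vpc-'): raise ValueError('unexpected VPC id')` in the second. Both handler bodies continue outside the hunks, so a later step may already reject such values; if it does, a short comment next to the `rsplit` saying so would help.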