Merge pull request #8 from lacework-alliances/7-update-mfa-struct-from-int-to-bool

jbonner7 · web-flow · commit 6078acba732d · 2025-02-06T09:17:52.000-05:00
fixes (#7)
diff --git a/amazon-security-lake-integration.yml b/amazon-security-lake-integration.yml
@@ -99,7 +99,7 @@ Resources:
       ServiceToken: !GetAtt "CopyZipsFunction.Arn"
       DestBucket: !Ref "LambdaZipsBucket"
       SourceBucket: "lacework-alliances"
-      Prefix: "lacework-amazon-security-lake-dev"
+      Prefix: "lacework-amazon-security-lake"
       Objects:
         - "/lambda/amazon-security-lake.zip"
 
@@ -206,7 +206,7 @@ Resources:
     Properties:
       Code:
         S3Bucket: !Ref LambdaZipsBucket
-        S3Key: !Join ["", ["lacework-amazon-security-lake-dev", "/lambda/amazon-security-lake.zip"]]
+        S3Key: !Join ["", ["lacework-amazon-security-lake", "/lambda/amazon-security-lake.zip"]]
       Handler: bootstrap
       Runtime: provided.al2023
       Environment:
@@ -217,7 +217,7 @@ Resources:
           lacework_access_key_id: !Ref LaceworkAccessKeyID
           lacework_secret_key: !Ref LaceworkSecretKey
           event_bus_arn: !GetAtt LaceworkAmazonSecurityLakeEventBus.Arn
-          alert_channel_name: !Join [ "-", ["Lacework-Amazon-Security-Lake-dev", !Select [2, !Split [ "/", !Ref "AWS::StackId"]]]]
+          alert_channel_name: !Join [ "-", ["Lacework-Amazon-Security-Lake", !Select [2, !Split [ "/", !Ref "AWS::StackId"]]]]
           amazon_security_lake_cache_s3_bucket_name: !Ref AmazonSecurityLakeCacheS3Bucket
       Role: !GetAtt LaceworkAmazonSecurityLakeSetupFunctionRole.Arn
 
@@ -301,7 +301,7 @@ Resources:
     Properties:
       Code:
         S3Bucket: !Ref LambdaZipsBucket
-        S3Key: !Join ["", ["lacework-amazon-security-lake-dev", "/lambda/amazon-security-lake.zip"]]
+        S3Key: !Join ["", ["lacework-amazon-security-lake", "/lambda/amazon-security-lake.zip"]]
       Handler: bootstrap
       MemorySize: 256
       Timeout: 30
diff --git a/internal/findings/mappings.go b/internal/findings/mappings.go
@@ -86,7 +86,7 @@ func InitMap() map[string][]int {
 	eventMap["CustomerMasterKeyScheduledForDeletion"] = []int{ocsf.CategoryUIDAuditActivity, ocsf.ClassUIDAccountChange}
 	eventMap["SuccessfulConsoleLoginWithoutMFA"] = []int{ocsf.CategoryUIDAuditActivity, ocsf.ClassUIDAuthentication}
 	eventMap["FailedConsoleLogin"] = []int{ocsf.CategoryUIDAuditActivity, ocsf.ClassUIDAuthentication}
-	eventMap["UsageOfRootAccount"] = []int{ocsf.CategoryUIDAuditActivity, ocsf.ClassUIDAuthorization}
+	eventMap["Usage of Root Account"] = []int{ocsf.CategoryUIDAuditActivity, ocsf.ClassUIDAuthorization}
 	eventMap["UnauthorizedAPICall"] = []int{ocsf.CategoryUIDCloudActivity, ocsf.ClassUIDCloudApi}
 	eventMap["ConfigServiceChange"] = []int{ocsf.CategoryUIDCloudActivity, ocsf.ClassUIDCloudApi}
 	eventMap["CloudTrailDefaultAlert"] = []int{ocsf.CategoryUIDCloudActivity, ocsf.ClassUIDCloudApi}
diff --git a/pkg/lacework/lacework.go b/pkg/lacework/lacework.go
@@ -58,7 +58,7 @@ type CtUser struct {
 	AccountID   string   `json:"ACCOUNT_ID"`
 	RegionList  []string `json:"REGION_LIST"`
 	Username    string   `json:"USERNAME"`
-	Mfa         int      `json:"MFA"`
+	Mfa         bool     `json:"MFA"`
 	APIList     []string `json:"API_LIST"`
 	PrincipalID string   `json:"PRINCIPAL_ID"`
 }

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ type CtUser struct {`
`58`	`58`	AccountID string `json:"ACCOUNT_ID"`
`59`	`59`	RegionList []string `json:"REGION_LIST"`
`60`	`60`	Username string `json:"USERNAME"`
`61`		- Mfa int `json:"MFA"`
	`61`	+ Mfa bool `json:"MFA"`
`62`	`62`	APIList []string `json:"API_LIST"`
`63`	`63`	PrincipalID string `json:"PRINCIPAL_ID"`
`64`	`64`	`}`