The code in this repo accompanies the AWS Security Blog post: Use AWS Fargate and Prowler to send AWS Service security configuration findings to Security Hub. Prowler checks are run from a container on AWS Fargate, and the results are written to DynamoDB for persistence. Because only New Images are sent to the DynamoDB stream, duplicate findings from subsequent checks are not forwarded to Security Hub.
For more information on Prowler see: https://github.com/toniblyx/prowler
For more information on DynamoDB Streams see: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html
Copy or download the AWS CloudFormation template ProwlerToSecurityHub_CloudFormation.yml and create a stack from it. The rest of the instructions are within the blog post.
The integration works as follows:
- A time-based CloudWatch Events rule starts the Fargate task on a schedule.
- Fargate pulls a Docker image from Amazon Elastic Container Registry (ECR) that contains Prowler and the Python scripts used to load an Amazon DynamoDB table.
- Prowler scans your AWS infrastructure and writes the scan results to a CSV file.
- The Python scripts convert the CSV to JSON and load the formatted Prowler findings into DynamoDB.
- A DynamoDB stream invokes an AWS Lambda function for each new item.
- The Lambda function maps Prowler findings into the Amazon Security Finding Format (ASFF) before importing them into Security Hub.
Prowler's check output appears in the Description field of the resulting Security Hub finding.
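As an added example (not the repo's own Lambda code), the stream-to-ASFF step can look like this in Python; the NewImage attribute names, the severity mapping, the INSERT-only filter and the account/region defaults are assumptions, not the repo's schema:

```python
# Added example, not the repo's own Lambda: DynamoDB Stream record -> ASFF finding.
# NewImage attribute names and the severity mapping are assumptions, not the repo's schema.
from datetime import datetime, timezone

SEVERITY = {"FAIL": "HIGH", "WARNING": "MEDIUM", "PASS": "INFORMATIONAL"}  # assumed

def deserialize(image):
    """Flatten DynamoDB attribute-value JSON ({"S": "x"}) into plain Python values."""
    return {k: next(iter(v.values())) for k, v in image.items()}

def to_asff(item, account_id, region):
    """Build one Amazon Security Finding Format record from a deserialized Prowler row."""
    now = datetime.now(timezone.utc).isoformat()
    return {
        "SchemaVersion": "2018-10-08",
        "Id": f"{region}/{account_id}/{item['check_id']}/{item['resource_id']}",
        "ProductArn": f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default",
        "GeneratorId": item["check_id"],
        "AwsAccountId": account_id,
        "Types": ["Software and Configuration Checks/AWS Security Best Practices"],
        "CreatedAt": now, "UpdatedAt": now,
        "Severity": {"Label": SEVERITY.get(item["status"], "INFORMATIONAL")},
        "Title": item["check_title"],
        "Description": item["check_result"],  # Prowler's check output lands in Description
        "Resources": [{"Type": "Other", "Id": item["resource_id"], "Region": region}],
        "Compliance": {"Status": "PASSED" if item["status"] == "PASS" else "FAILED"},
    }

def findings_from_stream(event, account_id="123456789012", region="us-east-1"):
    """Map INSERT records only; MODIFY/REMOVE records are skipped so re-runs don't re-import."""
    return [to_asff(deserialize(r["dynamodb"]["NewImage"]), account_id, region)
            for r in event.get("Records", [])
            if r.get("eventName") == "INSERT" and "NewImage" in r.get("dynamodb", {})]

def handler(event, context=None, securityhub=None):
    """Lambda entry point; pass boto3.client("securityhub") to actually import findings."""
    findings = findings_from_stream(event)
    for i in range(0, len(findings), 100):  # BatchImportFindings accepts at most 100 per call
        if securityhub is not None:
            securityhub.batch_import_findings(Findings=findings[i:i + 100])
    return {"count": len(findings)}

# Constructed sample stream event: one INSERT and one MODIFY (which must be ignored).
SAMPLE_EVENT = {"Records": [
    {"eventName": "INSERT", "dynamodb": {"NewImage": {
        "check_id": {"S": "check12"}, "check_title": {"S": "Ensure no root access key exists"},
        "status": {"S": "FAIL"}, "resource_id": {"S": "root"},
        "check_result": {"S": "Root user has access keys"}}}},
    {"eventName": "MODIFY", "dynamodb": {"NewImage": {"check_id": {"S": "check12"}}}}]}
```

Running `handler(SAMPLE_EVENT)` without a client maps one finding and imports nothing; in Lambda, pass a real Security Hub client so the chunks are sent with BatchImportFindings.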
This library is licensed under the MIT-0 License. See the LICENSE file.