import boto3, os, sys, json, logging
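# Set the global variables.
# The SNSTopicArn entry is only a fallback: it embeds a literal account id and
# topic name, so deployments should supply the real value through the
# SNSTopicArn environment variable (see setGlobalVars), not by editing this file.
globalVars = {}
globalVars['Owner'] = "JJTech"
globalVars['Environment'] = "Development"
globalVars['REGION_NAME'] = "us-west-2"
globalVars['tagName'] = "Serverless-GuardDuty-Findings-To-CloudWatch-Events"
globalVars['SNSTopicArn'] = "arn:aws:sns:us-west-2:464599248654:JJTech-GuarDuty-SNS"
# Client is built once per container from the Lambda execution role's credentials
# and default region; globalVars['REGION_NAME'] is not passed here — confirm that
# the function is deployed in the same region as the topic.
sns_client = boto3.client('sns')
# Set the log format: replace whatever handlers the Lambda runtime installed so
# every record carries level, timestamp and logger name.
logger = logging.getLogger()
# Iterate over a copy: removing from logger.handlers while iterating it skips
# every other handler, leaving duplicate output when more than one is present.
for h in list(logger.handlers):
    logger.removeHandler(h)
h = logging.StreamHandler(sys.stdout)
FORMAT = ' [%(levelname)s]/%(asctime)s/%(name)s - %(message)s'
h.setFormatter(logging.Formatter(FORMAT))
logger.addHandler(h)
logger.setLevel(logging.INFO)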
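def setGlobalVars():
    """Override the default SNS topic ARN from the ``SNSTopicArn`` environment variable.

    The hard-coded value in ``globalVars`` is only a fallback. A missing or
    empty variable leaves that default in place and is logged at ERROR level so
    a misconfigured deployment is visible in the function's logs rather than
    silently publishing to the wrong topic.

    Returns:
        None. Mutates ``globalVars['SNSTopicArn']`` in place.
    """
    # .get() avoids the KeyError-as-control-flow of the original and also
    # covers an empty string, which the original silently ignored.
    topic_arn = os.environ.get('SNSTopicArn')
    if topic_arn:
        globalVars['SNSTopicArn'] = topic_arn
        return
    logger.error('ERROR: SNS Topic ARN is missing, Using default GlobalVars - {0}'.format(globalVars['SNSTopicArn']))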
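def push_To_SNS_Topic(event):
    """Publish a GuardDuty finding event to the configured SNS topic for ITSM/alerting tools.

    Args:
        event: The CloudWatch Events / EventBridge payload for the finding. The
            whole event is serialised as the message body and
            ``event['detail']['title']`` is used as the subject.

    Returns:
        A success string after a successful publish, or ``None`` when the event
        is malformed or the publish call fails. Both failure paths are logged
        rather than raised so one bad finding does not fail the invocation.
    """
    try:
        # SNS requires Subject to be shorter than 100 characters; finding titles
        # include data from the finding itself and can exceed that, so truncate
        # rather than have SNS reject the whole finding.
        subject = event['detail']['title'][:99]
    except (KeyError, TypeError) as e:
        # KeyError: detail/title missing; TypeError: event is None or not a mapping.
        logger.error('ERROR: Event is missing detail.title, cannot build SNS subject: {0}'.format(str(e)))
        return None
    try:
        sns_client.publish(
            TopicArn=globalVars['SNSTopicArn'],
            Message=json.dumps(event),
            Subject=subject,
        )
    except Exception as e:
        # Publish failures surface as service/client errors, never KeyError, so
        # the original `except KeyError` could not catch the cases its message
        # describes (bad topic ARN, missing sns:Publish permission).
        logger.error('ERROR: Unable to push to SNS Topic: Check [1] SNS Topic ARN is invalid, [2] IAM Role Permissions{0}'.format(str(e)))
        logger.error('ERROR: {0}'.format(str(e)))
        return None
    logger.info('SUCCESS: Pushed GuardDuty Finding to SNS Topic')
    return "Successly pushed to Notification to SNS Topic"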
def lambda_handler(event, context):
    """Lambda entry point: refresh configuration from the environment, then forward the finding.

    Args:
        event: The GuardDuty finding event delivered by CloudWatch Events / EventBridge.
        context: Lambda runtime context (unused).

    Returns:
        Whatever ``push_To_SNS_Topic`` returns for this event.
    """
    setGlobalVars()
    outcome = push_To_SNS_Topic(event)
    return outcome
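if __name__ == '__main__':
    # Local smoke test. The handler dereferences event['detail']['title'], so
    # passing None crashed with TypeError before reaching the publish call.
    # Constructed sample event, not a real finding; still publishes to the
    # configured topic when run.
    sample_event = {"detail": {"title": "Sample GuardDuty finding (constructed local test event)"}}
    lambda_handler(sample_event, None)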