RubyGems - aws_recon - Versions diffs - 0.2.19 → 0.2.20 - Mend

aws_recon 0.2.19 → 0.2.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/aws_recon/collectors/guardduty.rb +14 -1
data/lib/aws_recon/collectors/secretsmanager.rb +26 -0
data/lib/aws_recon/collectors/securityhub.rb +23 -0
data/lib/aws_recon/services.yaml +4 -0
data/lib/aws_recon/version.rb +1 -1
data/readme.md +2 -0
metadata +4 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aceb7412370bc6945f910f6579dcc9f7a188070fd35f7ec3325300d544f01d12
-  data.tar.gz: f35b334bead563849a2a1bce8623076c7d23237c21eb85409b7371d93ebc9f9d
+  metadata.gz: 6b945e5c44370658e13ee470fee26d7e0b46fb6102a661485be9513af305f45d
+  data.tar.gz: 969330b10b9a8264bdb5759b1c910b74ccf05e855f8f380cdebdac8b3694fb11
 SHA512:
-  metadata.gz: 9f31da81396ac07fee4d331a05cbe5706fde48bc9c0617a5bc5640c61e68b56f499b4be8b659d6cdf61335665c898f638f20380968df68ad536c5114966d25bd
-  data.tar.gz: 958d528054caefa1c8d3e9b7d2a005f52ddaeaa0b89d566e5a3fddcfb81300e497a40e3fab039656fa2dc091d89d15535d76b863f4ded6c133118aea2fc59df9
+  metadata.gz: a7d26039b60a21370bd7000d7ccaca93cfc5efc7c0dba88ae5d7ea12d63d3a7b8f973b06d3a1a2633fb82804a716f163ffda23f96a00ee73251eb85956f14dfd
+  data.tar.gz: 61b1aa696e9ec44fd6b93d4ced975be8a2bb514537ed232db8a11cb840045bc52132a215a21a99e573f4df0b557b1612eb4dda458c249c0e5f86939b83049680

data/lib/aws_recon/collectors/guardduty.rb CHANGED

@@ -21,8 +21,21 @@ class GuardDuty < Mapper
         struct.type = 'detector'
         struct.arn = "arn:aws:guardduty:#{@region}:detector/#{detector}"
+        # get_findings_statistics (only active findings)
+        struct.findings_statistics = @client.get_findings_statistics({
+                                                                       detector_id: detector,
+                                                                       finding_statistic_types: ['COUNT_BY_SEVERITY'],
+                                                                       finding_criteria: {
+                                                                         criterion: {
+                                                                           'service.archived': {
+                                                                             eq: ['false']
+                                                                           }
+                                                                         }
+                                                                       }
+                                                                     }).finding_statistics.to_h
         # get_master_account
-        struct.master_account = @client.get_master_account({ detector_id: detector }).to_h
+        struct.master_account = @client.get_master_account({ detector_id: detector }).master.to_h
         resources.push(struct.to_h)
       end

data/lib/aws_recon/collectors/secretsmanager.rb ADDED

@@ -0,0 +1,26 @@
+class SecretsManager < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+    #
+    # describe_auto_scaling_groups
+    #
+    @client.list_secrets.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+      response.secret_list.each_with_index do |secret, i|
+        log(response.context.operation_name, i)
+        struct = OpenStruct.new(secret.to_h)
+        struct.type = 'secret'
+        resources.push(struct.to_h)
+      end
+    end
+    resources
+  end
+end

data/lib/aws_recon/collectors/securityhub.rb ADDED

@@ -0,0 +1,23 @@
+class SecurityHub < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+    #
+    # describe_hub
+    #
+    @client.describe_hub.each do |response|
+      log(response.context.operation_name)
+      struct = OpenStruct.new(response.to_h)
+      struct.type = 'hub'
+      struct.arn = response.hub_arn
+      resources.push(struct.to_h)
+    end
+    resources
+  end
+end

data/lib/aws_recon/services.yaml CHANGED

@@ -91,6 +91,10 @@
   alias: cloudwatchlogs
 - name: Kafka
   alias: kafka
+- name: SecretsManager
+  alias: sm
+- name: SecurityHub
+  alias: sh
 - name: Support
   global: true
   alias: support

data/lib/aws_recon/version.rb CHANGED

@@ -1,3 +1,3 @@
 module AwsRecon
-  VERSION = "0.2.19"
+  VERSION = "0.2.20"
 end

data/readme.md CHANGED

@@ -270,6 +270,8 @@ AWS Recon aims to collect all resources and metadata that are relevant in determ
 - [x] S3
 - [x] SageMaker
 - [x] SES
+- [x] SecretsManager
+- [x] SecurityHub
 - [x] ServiceQuotas
 - [x] Shield
 - [x] SNS

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_recon
 version: !ruby/object:Gem::Version
-  version: 0.2.19
+  version: 0.2.20
 platform: ruby
 authors:
 - Josh Larsen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-25 00:00:00.000000000 Z
+date: 2020-11-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -223,6 +223,8 @@ files:
 - lib/aws_recon/collectors/route53domains.rb
 - lib/aws_recon/collectors/s3.rb
 - lib/aws_recon/collectors/sagemaker.rb
+- lib/aws_recon/collectors/secretsmanager.rb
+- lib/aws_recon/collectors/securityhub.rb
 - lib/aws_recon/collectors/servicequotas.rb
 - lib/aws_recon/collectors/ses.rb
 - lib/aws_recon/collectors/shield.rb