regscale-cli 6.21.2.0__py3-none-any.whl → 6.28.2.1__py3-none-any.whl

regscale/integrations/commercial/aws/inventory/resources/security.py

@@ -1,58 +1,118 @@
 """AWS security resource collectors."""
 
-from typing import Dict, List, Any
+from typing import Dict, List, Any, Optional
 
+from regscale.integrations.commercial.aws.inventory.resources.audit_manager import AuditManagerCollector
+from regscale.integrations.commercial.aws.inventory.resources.cloudtrail import CloudTrailCollector
+from regscale.integrations.commercial.aws.inventory.resources.config import ConfigCollector
+from regscale.integrations.commercial.aws.inventory.resources.guardduty import GuardDutyCollector
+from regscale.integrations.commercial.aws.inventory.resources.iam import IAMCollector
+from regscale.integrations.commercial.aws.inventory.resources.inspector import InspectorCollector
+from regscale.integrations.commercial.aws.inventory.resources.kms import KMSCollector
+from regscale.integrations.commercial.aws.inventory.resources.securityhub import SecurityHubCollector
 from ..base import BaseCollector
 
 
 class SecurityCollector(BaseCollector):
     """Collector for AWS security resources."""
 
-    def get_iam_info(self) -> Dict[str, List[Dict[str, Any]]]:
+    def __init__(
+        self,
+        session: Any,
+        region: str,
+        account_id: Optional[str] = None,
+        tags: Optional[Dict[str, str]] = None,
+        enabled_services: Optional[Dict[str, bool]] = None,
+        collect_findings: bool = True,
+    ):
         """
-        Get information about IAM users and roles.
+        Initialize security collector.
 
-        :return: Dictionary containing IAM user and role information
-        :rtype: Dict[str, List[Dict[str, Any]]]
+        :param session: AWS session to use for API calls
+        :param str region: AWS region to collect from
+        :param str account_id: Optional AWS account ID to filter resources
+        :param dict tags: Optional tags to filter resources (key-value pairs)
+        :param dict enabled_services: Optional dict of service names to boolean flags for enabling/disabling collection
+        :param bool collect_findings: Whether to collect security findings (GuardDuty, Security Hub, Inspector)
+        """
+        super().__init__(session, region)
+        self.account_id = account_id
+        self.tags = tags or {}
+        self.enabled_services = enabled_services or {}
+        self.collect_findings = collect_findings
+
+    def get_cloudtrail_info(self) -> Dict[str, Any]:
+        """
+        Get information about CloudTrail trails.
+
+        :return: Dictionary containing CloudTrail trail information
+        :rtype: Dict[str, Any]
         """
-        iam_info = {"Users": [], "Roles": []}
         try:
-            iam = self._get_client("iam")
+            cloudtrail_collector = CloudTrailCollector(self.session, self.region, self.account_id)
+            return cloudtrail_collector.collect()
+        except Exception as e:
+            self._handle_error(e, "CloudTrail trails")
+            return {"Trails": [], "TrailStatuses": {}}
 
-            # Get users
-            user_paginator = iam.get_paginator("list_users")
-            for page in user_paginator.paginate():
-                for user in page.get("Users", []):
-                    iam_info["Users"].append(
-                        {
-                            "UserName": user.get("UserName"),
-                            "UserId": user.get("UserId"),
-                            "Arn": user.get("Arn"),
-                            "CreateDate": str(user.get("CreateDate")),
-                            "PasswordLastUsed": (
-                                str(user.get("PasswordLastUsed")) if user.get("PasswordLastUsed") else None
-                            ),
-                        }
-                    )
+    def get_config_info(self) -> Dict[str, Any]:
+        """
+        Get information about AWS Config resources.
 
-            # Get roles
-            role_paginator = iam.get_paginator("list_roles")
-            for page in role_paginator.paginate():
-                for role in page.get("Roles", []):
-                    iam_info["Roles"].append(
-                        {
-                            "RoleName": role.get("RoleName"),
-                            "RoleId": role.get("RoleId"),
-                            "Arn": role.get("Arn"),
-                            "CreateDate": str(role.get("CreateDate")),
-                            "AssumeRolePolicyDocument": role.get("AssumeRolePolicyDocument"),
-                            "Description": role.get("Description"),
-                            "MaxSessionDuration": role.get("MaxSessionDuration"),
-                        }
-                    )
+        :return: Dictionary containing AWS Config information
+        :rtype: Dict[str, Any]
+        """
+        try:
+            config_collector = ConfigCollector(self.session, self.region, self.account_id)
+            return config_collector.collect()
+        except Exception as e:
+            self._handle_error(e, "AWS Config resources")
+            return {
+                "ConfigurationRecorders": [],
+                "RecorderStatuses": [],
+                "DeliveryChannels": [],
+                "ConfigRules": [],
+                "ComplianceSummary": [],
+            }
+
+    def get_guardduty_info(self) -> Dict[str, Any]:
+        """
+        Get information about GuardDuty resources.
+
+        :return: Dictionary containing GuardDuty information
+        :rtype: Dict[str, Any]
+        """
+        try:
+            guardduty_collector = GuardDutyCollector(
+                self.session, self.region, self.account_id, self.tags, self.collect_findings
+            )
+            return guardduty_collector.collect()
+        except Exception as e:
+            self._handle_error(e, "GuardDuty resources")
+            return {"Detectors": [], "Findings": [], "Members": []}
+
+    def get_iam_info(self) -> Dict[str, Any]:
+        """
+        Get information about IAM resources.
+
+        :return: Dictionary containing IAM resource information
+        :rtype: Dict[str, Any]
+        """
+        try:
+            iam_collector = IAMCollector(self.session, self.region, self.account_id)
+            return iam_collector.collect()
         except Exception as e:
-            self._handle_error(e, "IAM users and roles")
-        return iam_info
+            self._handle_error(e, "IAM resources")
+            return {
+                "Users": [],
+                "Roles": [],
+                "Groups": [],
+                "Policies": [],
+                "AccessKeys": [],
+                "MFADevices": [],
+                "AccountSummary": {},
+                "PasswordPolicy": {},
+            }
 
     def get_kms_keys(self) -> List[Dict[str, Any]]:
         """
@@ -61,33 +121,13 @@ class SecurityCollector(BaseCollector):
         :return: List of KMS key information
         :rtype: List[Dict[str, Any]]
         """
-        keys = []
         try:
-            kms = self._get_client("kms")
-            paginator = kms.get_paginator("list_keys")
-
-            for page in paginator.paginate():
-                for key in page.get("Keys", []):
-                    try:
-                        key_info = kms.describe_key(KeyId=key["KeyId"])["KeyMetadata"]
-                        keys.append(
-                            {
-                                "Region": self.region,
-                                "KeyId": key_info.get("KeyId"),
-                                "Arn": key_info.get("Arn"),
-                                "Description": key_info.get("Description"),
-                                "Enabled": key_info.get("Enabled"),
-                                "KeyState": key_info.get("KeyState"),
-                                "CreationDate": str(key_info.get("CreationDate")),
-                                "Origin": key_info.get("Origin"),
-                                "KeyManager": key_info.get("KeyManager"),
-                            }
-                        )
-                    except Exception as e:
-                        self._handle_error(e, f"KMS key {key['KeyId']}")
+            kms_collector = KMSCollector(self.session, self.region, self.account_id)
+            result = kms_collector.collect()
+            return result.get("Keys", [])
         except Exception as e:
             self._handle_error(e, "KMS keys")
-        return keys
+            return []
 
     def get_secrets(self) -> List[Dict[str, Any]]:
         """
@@ -224,17 +264,173 @@ class SecurityCollector(BaseCollector):
             self._handle_error(e, "ACM certificates")
         return certificates
 
+    def get_securityhub_info(self) -> Dict[str, Any]:
+        """
+        Get information about AWS Security Hub resources.
+
+        :return: Dictionary containing Security Hub information
+        :rtype: Dict[str, Any]
+        """
+        try:
+            securityhub_collector = SecurityHubCollector(
+                self.session, self.region, self.account_id, self.tags, self.collect_findings
+            )
+            return securityhub_collector.collect()
+        except Exception as e:
+            self._handle_error(e, "Security Hub resources")
+            return {
+                "Findings": [],
+                "Standards": [],
+                "EnabledStandards": [],
+                "SecurityControls": [],
+                "HubConfiguration": {},
+                "Members": [],
+                "Insights": [],
+            }
+
+    def get_audit_manager_info(self) -> Dict[str, Any]:
+        """
+        Get information about AWS Audit Manager resources.
+
+        :return: Dictionary containing Audit Manager information
+        :rtype: Dict[str, Any]
+        """
+        try:
+            audit_manager_collector = AuditManagerCollector(self.session, self.region, self.account_id, self.tags)
+            return audit_manager_collector.collect()
+        except Exception as e:
+            self._handle_error(e, "Audit Manager resources")
+            return {
+                "Assessments": [],
+                "AssessmentFrameworks": [],
+                "Controls": [],
+                "AssessmentReports": [],
+                "Evidence": [],
+                "Settings": {},
+            }
+
+    def get_inspector_info(self) -> Dict[str, Any]:
+        """
+        Get information about AWS Inspector resources.
+
+        :return: Dictionary containing Inspector information
+        :rtype: Dict[str, Any]
+        """
+        try:
+            inspector_collector = InspectorCollector(
+                self.session, self.region, self.account_id, self.tags, self.collect_findings
+            )
+            return inspector_collector.collect()
+        except Exception as e:
+            self._handle_error(e, "Inspector resources")
+            return {"Findings": [], "Coverage": [], "AccountStatus": {}, "Members": [], "CoverageStatistics": {}}
+
+    def _collect_cloudtrail_data(self, result: Dict[str, Any]) -> None:
+        """
+        Collect CloudTrail data and add to result.
+
+        :param result: Result dictionary to update
+        """
+        cloudtrail_info = self.get_cloudtrail_info()
+        result["CloudTrail"] = cloudtrail_info.get("Trails", [])
+        result["CloudTrailStatuses"] = cloudtrail_info.get("TrailStatuses", {})
+
+    def _collect_config_data(self, result: Dict[str, Any]) -> None:
+        """
+        Collect AWS Config data and add to result.
+
+        :param result: Result dictionary to update
+        """
+        config_info = self.get_config_info()
+        result["ConfigRecorders"] = config_info.get("ConfigurationRecorders", [])
+        result["ConfigRecorderStatuses"] = config_info.get("RecorderStatuses", [])
+        result["ConfigDeliveryChannels"] = config_info.get("DeliveryChannels", [])
+        result["ConfigRules"] = config_info.get("ConfigRules", [])
+        result["ConfigComplianceSummary"] = config_info.get("ComplianceSummary", [])
+
+    def _collect_guardduty_data(self, result: Dict[str, Any]) -> None:
+        """
+        Collect GuardDuty data and add to result.
+
+        :param result: Result dictionary to update
+        """
+        guardduty_info = self.get_guardduty_info()
+        result["GuardDutyDetectors"] = guardduty_info.get("Detectors", [])
+        if self.collect_findings:
+            result["GuardDutyFindings"] = guardduty_info.get("Findings", [])
+        result["GuardDutyMembers"] = guardduty_info.get("Members", [])
+
+    def _collect_securityhub_data(self, result: Dict[str, Any]) -> None:
+        """
+        Collect Security Hub data and add to result.
+
+        :param result: Result dictionary to update
+        """
+        securityhub_info = self.get_securityhub_info()
+        if self.collect_findings:
+            result["SecurityHubFindings"] = securityhub_info.get("Findings", [])
+        result["SecurityHubStandards"] = securityhub_info.get("Standards", [])
+        result["SecurityHubEnabledStandards"] = securityhub_info.get("EnabledStandards", [])
+        result["SecurityHubControls"] = securityhub_info.get("SecurityControls", [])
+        result["SecurityHubConfig"] = securityhub_info.get("HubConfiguration", {})
+        result["SecurityHubMembers"] = securityhub_info.get("Members", [])
+        result["SecurityHubInsights"] = securityhub_info.get("Insights", [])
+
+    def _collect_inspector_data(self, result: Dict[str, Any]) -> None:
+        """
+        Collect Inspector data and add to result.
+
+        :param result: Result dictionary to update
+        """
+        inspector_info = self.get_inspector_info()
+        if self.collect_findings:
+            result["InspectorFindings"] = inspector_info.get("Findings", [])
+        result["InspectorCoverage"] = inspector_info.get("Coverage", [])
+        result["InspectorAccountStatus"] = inspector_info.get("AccountStatus", {})
+        result["InspectorMembers"] = inspector_info.get("Members", [])
+        result["InspectorCoverageStats"] = inspector_info.get("CoverageStatistics", {})
+
     def collect(self) -> Dict[str, Any]:
         """
-        Collect all security resources.
+        Collect security resources based on enabled_services configuration.
 
-        :return: Dictionary containing all security resource information
+        :return: Dictionary containing enabled security resource information
         :rtype: Dict[str, Any]
         """
-        return {
-            "IAM": self.get_iam_info(),
-            "KMSKeys": self.get_kms_keys(),
-            "Secrets": self.get_secrets(),
-            "WAF": self.get_waf_info(),
-            "ACMCertificates": self.get_acm_certificates(),
-        }
+        result = {}
+
+        if self.enabled_services.get("iam", True):
+            result["IAM"] = self.get_iam_info()
+
+        if self.enabled_services.get("kms", True):
+            result["KMSKeys"] = self.get_kms_keys()
+
+        if self.enabled_services.get("secrets_manager", True):
+            result["Secrets"] = self.get_secrets()
+
+        if self.enabled_services.get("waf", True):
+            result["WAF"] = self.get_waf_info()
+
+        if self.enabled_services.get("acm", True):
+            result["ACMCertificates"] = self.get_acm_certificates()
+
+        if self.enabled_services.get("cloudtrail", True):
+            self._collect_cloudtrail_data(result)
+
+        if self.enabled_services.get("config", True):
+            self._collect_config_data(result)
+
+        if self.enabled_services.get("guardduty", True):
+            self._collect_guardduty_data(result)
+
+        if self.enabled_services.get("securityhub", True):
+            self._collect_securityhub_data(result)
+
+        if self.enabled_services.get("inspector", True):
+            self._collect_inspector_data(result)
+
+        if self.enabled_services.get("audit_manager", True):
+            audit_manager_info = self.get_audit_manager_info()
+            result.update(audit_manager_info)
+
+        return result