Merge pull request #13 from DNXLabs/feature/updates

Using chatbot instead of slack
DNXLabs · Jul 16, 2024 · e90365c · e90365c
2 parents 7cc0e50 + 6b39ff7
commit e90365c
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 28 deletions.
diff --git a/README.md b/README.md
@@ -25,14 +25,14 @@ The following resources will be created:
 | Name | Version |
 |------|---------|
 | aws | n/a |
-| random | >= 3.3.0 |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | alarm\_email | Enables email notification (optional) | `string` | `""` | no |
 | alarm\_slack\_endpoint | Enables slack notification to endpoint passed (optional) | `string` | `""` | no |
+| chatbot\_sns\_topic | SNS topic for chatbot notification | `string` | `""` | no |
 | invite | Invite member accounts? (Use 'false' when this account is the delegated admin by master account) | `bool` | `true` | no |
 | members | List of member AWS accounts as [{account\_id: '9999', email: '[email protected]'}, {...}] } | `list(any)` | `[]` | no |
 | severity\_list | n/a | `list(any)` | <pre>[<br>  "HIGH",<br>  "CRITICAL"<br>]</pre> | no |

diff --git a/_variables.tf b/_variables.tf
@@ -42,4 +42,10 @@ variable "alarm_slack_endpoint" {
   type        = string
   default     = ""
   description = "Enables slack notification to endpoint passed (optional)"
-}
+}
+
+variable "chatbot_sns_topic" {
+  type        = string
+  default     = ""
+  description = "SNS topic for chatbot notification"
+}
diff --git a/event-to-email.tf b/event-to-email.tf
@@ -8,7 +8,7 @@ resource "aws_cloudwatch_event_target" "sns" {
     input_paths = {
       "aws_account_id"  = "$.detail.findings[0].AwsAccountId"
       "aws_region"      = "$.region"
-      "remediation_url" = "$.detail.findings[0].Remediation.Recommendation.Url"
+      "remediation_url" = "$.detail.findings[0].ProductFields.RecommendationUrl"
       "severity"        = "$.detail.findings[0].Severity.Label"
       "title"           = "$.detail.findings[0].Title"
     }
@@ -44,4 +44,4 @@ resource "aws_sns_topic_subscription" "email" {
   topic_arn = aws_sns_topic.securityhub[0].arn
   protocol  = "email"
   endpoint  = try(var.alarm_email, "")
-}
+}
diff --git a/event-to-slack-cf.tf b/event-to-slack-cf.tf
@@ -1,26 +1,26 @@
 
-resource "random_string" "to_slack_cf_suffix" {
-  count   = var.alarm_slack_endpoint != "" ? 1 : 0
-  length  = 8
-  special = false
-  lower   = true
-  numeric = false
-}
+# resource "random_string" "to_slack_cf_suffix" {
+#   count   = var.alarm_slack_endpoint != "" ? 1 : 0
+#   length  = 8
+#   special = false
+#   lower   = true
+#   numeric = false
+# }
 
-resource "aws_cloudformation_stack" "to_slack" {
-  count         = var.alarm_slack_endpoint != "" ? 1 : 0
-  name          = "SecurityHubToSlack-${random_string.to_slack_cf_suffix[0].result}"
-  template_body = file("${path.module}/event-to-slack.cf.json")
-  parameters = {
-    IncomingWebHookURL  = var.alarm_slack_endpoint
-    SecurityHubEventArn = aws_cloudwatch_event_rule.securityhub[0].arn
-  }
-  capabilities = ["CAPABILITY_IAM"]
-}
+# resource "aws_cloudformation_stack" "to_slack" {
+#   count         = var.alarm_slack_endpoint != "" ? 1 : 0
+#   name          = "SecurityHubToSlack-${random_string.to_slack_cf_suffix[0].result}"
+#   template_body = file("${path.module}/event-to-slack.cf.json")
+#   parameters = {
+#     IncomingWebHookURL  = var.alarm_slack_endpoint
+#     SecurityHubEventArn = aws_cloudwatch_event_rule.securityhub[0].arn
+#   }
+#   capabilities = ["CAPABILITY_IAM"]
+# }
 
-resource "aws_cloudwatch_event_target" "to_slack" {
-  count     = var.alarm_slack_endpoint != "" ? 1 : 0
-  rule      = aws_cloudwatch_event_rule.securityhub[0].name
-  target_id = "securityhub-to-slack"
-  arn       = aws_cloudformation_stack.to_slack[0].outputs.LambdaFindingsToSlackArn
-}
+# resource "aws_cloudwatch_event_target" "to_slack" {
+#   count     = var.alarm_slack_endpoint != "" ? 1 : 0
+#   rule      = aws_cloudwatch_event_rule.securityhub[0].name
+#   target_id = "securityhub-to-slack"
+#   arn       = aws_cloudformation_stack.to_slack[0].outputs.LambdaFindingsToSlackArn
+# }
diff --git a/eventbridge.tf b/eventbridge.tf
@@ -1,5 +1,5 @@
 resource "aws_cloudwatch_event_rule" "securityhub" {
-  count       = var.alarm_email != "" || var.alarm_slack_endpoint != "" ? 1 : 0
+  count       = var.alarm_email != "" || var.chatbot_sns_topic != "" ? 1 : 0
   name_prefix = "SecurityHubFindings"
   description = "Captures SecurityHub New Findings"
 
@@ -27,3 +27,15 @@ resource "aws_cloudwatch_event_rule" "securityhub" {
 EOF
 }
 
+
+resource "aws_cloudwatch_event_target" "yada" {
+  count      =  var.chatbot_sns_topic != "" ? 1 : 0
+
+  target_id = "chatbot"
+  rule      = aws_cloudwatch_event_rule.securityhub[0].name
+  arn       = var.chatbot_sns_topic
+}
+
+
+
+