def macie_correlation()

in security_hub_correlation_cdk/lambdas/create_sh_finding/create_sh_finding.py [0:0]


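def macie_correlation(sh_resource, ddbtable):
    """Correlate a Macie sensitive-data record with an S3 exfiltration record for one bucket.

    Both records are looked up for ``sh_resource`` via ``check_macie_sensitive_data``
    and ``check_s3_exfil``. When both lookups return at least one item, the
    exfiltration payload is enriched with a Security Hub title and the
    ``SourceUrl`` of each record, then handed to ``create_securityhub_payload``.
    Otherwise the miss is only logged.

    Args:
        sh_resource: Identifier of the S3 bucket under review (it is logged and
            embedded in the finding title as the bucket).
        ddbtable: Passed through unchanged to the two lookup helpers; presumably
            the DynamoDB table holding the correlation records -- confirm
            against the callers.

    Returns:
        None. The outcome is the side effect of creating the Security Hub
        finding (or the log line explaining why none was created).

    Raises:
        Nothing from AWS: ``ClientError`` is caught and logged. Any other
        exception from the helpers propagates to the caller.
    """
    try:
        logger.info(
            'CHECK #2: S3 exfiltration on S3 bucket with senstiive data %s...',
            sh_resource,
        )
        macie_payload = check_macie_sensitive_data(sh_resource, ddbtable)
        s3_exfil_payload = check_s3_exfil(sh_resource, ddbtable)

        # The SourceUrl extraction below indexes Items[0], so a truthy payload
        # whose Items list is empty must count as "no match" instead of raising
        # IndexError past the ClientError handler. Assumes each helper returns a
        # dict-shaped (DynamoDB-style) response with an 'Items' list -- confirm.
        macie_items = macie_payload.get('Items') if macie_payload else None
        exfil_items = s3_exfil_payload.get('Items') if s3_exfil_payload else None

        if macie_items and exfil_items:
            logger.info(
                'Match found for S3 exfiltration on S3 bucket conataining sensitive data %s.',
                sh_resource,
            )
            s3_exfil_payload['SH_Title'] = (
                'S3 data exfiltration observed on S3 bucket {} containing sensitive data'
                .format(sh_resource)
            )
            # One evidence link per correlated source: the Macie record first,
            # then the GuardDuty exfiltration record. Only the first item of
            # each lookup is used, matching the original behaviour.
            s3_exfil_payload['SourceUrlList'] = [
                macie_items[0]['SourceUrl'],
                exfil_items[0]['SourceUrl'],
            ]
            create_securityhub_payload(s3_exfil_payload)
        else:
            logger.info(
                'No matches found for GuardDuty S3 exfiltration and Macie S3 buckets with senstiive data.'
            )
    except ClientError as error_handle:
        # botocore's ClientError exposes the AWS error under ``.response``.
        # The previous ``.dynamodb_match`` attribute does not exist, so the
        # handler itself raised AttributeError and masked the real failure.
        logger.error(
            'AWS ClientError during Macie correlation for %s: %s',
            sh_resource,
            error_handle.response['Error']['Code'],
        )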