def backdoor_correlation()

in security_hub_correlation_cdk/lambdas/create_sh_finding/create_sh_finding.py [0:0]


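def backdoor_correlation(sh_resource, ddbtable):
    """Correlate a GuardDuty EC2 backdoor finding with Inspector Critical CVEs for one resource.

    Implements "CHECK #3": ``check_gd_backdoor`` and ``check_inspector_cve`` are both
    queried against ``ddbtable`` for ``sh_resource``. Only when both return a non-empty
    payload is a Security Hub finding created through ``create_securityhub_payload``,
    built from the GuardDuty payload plus a ``SH_Title`` and a ``SourceUrlList`` that
    carries the source URL of each contributing finding.

    Args:
        sh_resource: Resource identifier the two lookups are keyed on; it is also
            interpolated into the log lines and the generated finding title.
        ddbtable: DynamoDB table handle passed straight through to the check_* helpers.

    Returns:
        None. The function works by side effect only (logging and the Security Hub
        payload creation).

    Raises:
        Nothing for ``ClientError`` raised by the helpers: the AWS error code is logged
        and the check is abandoned for this resource. Any other exception propagates.
    """
    try:
        logger.info('CHECK #3: GuardDuty EC2 backdoor and Inspector Critical CVEs for {}...'.format(sh_resource))
        gd_backdoor_payload = check_gd_backdoor(sh_resource, ddbtable)
        inspector_cve_payload = check_inspector_cve(sh_resource, ddbtable)

        if not (gd_backdoor_payload and inspector_cve_payload):
            logger.info('No matches found for GuardDuty EC2 backdoor and 3 Inspector Critical CVEs for {}.'.format(sh_resource))
            return

        # Each helper is expected to return a dict whose 'Items' list holds at least one
        # entry with a 'SourceUrl' (that is what the original indexing relied on). An empty
        # list would raise IndexError, which the ClientError handler below does not catch
        # and which would fail the whole invocation; treat it as "no usable match" instead.
        gd_items = gd_backdoor_payload.get('Items') or []
        cve_items = inspector_cve_payload.get('Items') or []
        if not gd_items or not cve_items:
            logger.warning('Correlation payload for {} has no Items entry to take a SourceUrl from; skipping.'.format(sh_resource))
            return

        logger.info('Match found for GuardDuty EC2 backdoor and 3 Inspector Critical CVEs for {}.'.format(sh_resource))
        gd_backdoor_payload.update(
            {"SH_Title": 'GuardDuty EC2 Backdoor and Critical CVEs found for {}.'.format(sh_resource)}
        )
        # Both source URLs are attached so the resulting finding links back to each of the
        # two underlying findings that produced the correlation.
        gd_backdoor_payload.update(
            {"SourceUrlList": [gd_items[0]['SourceUrl'], cve_items[0]['SourceUrl']]}
        )
        create_securityhub_payload(gd_backdoor_payload)
    except ClientError as error_handle:
        # botocore's ClientError exposes the error payload as ``response``; the attribute
        # previously used here (``dynamodb_match``) does not exist on ClientError, so the
        # handler itself raised AttributeError instead of logging the AWS error code.
        logger.error(error_handle.response['Error']['Code'])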