in security_hub_correlation_cdk/lambdas/create_sh_finding/create_sh_finding.py [0:0]
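def check_network_unusual(sh_resource, ddbtable, finding_types=None):
    """Look up stored GuardDuty "unusual networking" findings for one resource.

    Queries the ``DYNAMODB_GSI_TYPE`` index of ``ddbtable`` once per finding
    type, keyed on ``ResourceId == sh_resource`` and ``Types == <type>``, and
    returns the first query response whose ``Count`` is at least 1.

    Args:
        sh_resource: Resource identifier from the Security Hub finding; it is
            matched against the ``ResourceId`` key of the index.
        ddbtable: Table handle exposing boto3's ``Table.query`` interface
            (``IndexName`` / ``KeyConditionExpression`` keyword arguments).
        finding_types: Optional iterable of GuardDuty finding type strings to
            search for. Defaults to the two EC2 unusual-networking types that
            were previously hard-coded, so existing callers are unaffected.

    Returns:
        The raw DynamoDB query response (a dict carrying ``Count`` and the
        matched items) for the first type that matched, or ``None`` when no
        type matched or the query raised ``ClientError``.

    Note:
        A ``ClientError`` is logged and swallowed, so a caller cannot tell a
        failed lookup apart from "no correlated finding"; the DynamoDB error
        code is always written to the log so the gap stays visible there.
    """
    if finding_types is None:
        finding_types = (
            'Unusual Behaviors/VM/Behavior:EC2-NetworkPortUnusual',
            'Unusual Behaviors/VM/Behavior:EC2-TrafficVolumeUnusual',
        )
    try:
        for gd_type in finding_types:
            # Key() builds a parameterised condition expression, so
            # sh_resource is never interpolated into an expression string.
            network_payload = ddbtable.query(
                IndexName=DYNAMODB_GSI_TYPE,
                KeyConditionExpression=(
                    Key('ResourceId').eq(sh_resource) & Key('Types').eq(gd_type)
                ),
            )
            if network_payload['Count'] >= 1:
                logger.info('Found GuardDuty Unusual Networking match {} for {}.'.format(gd_type, sh_resource))
                return network_payload
    except ClientError as error_handle:
        # botocore exposes the service error under ``.response``. The former
        # ``.dynamodb_match`` attribute does not exist on ClientError, so the
        # handler itself raised AttributeError and masked the real DynamoDB
        # failure instead of logging it.
        logger.error(
            'DynamoDB query for %s failed: %s',
            sh_resource,
            error_handle.response['Error']['Code'],
        )
    # Explicit: no type matched (or the lookup failed and was logged above).
    return None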