in lambda/find-secrets-without-rotation.py [0:0]
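def raise_sechub_event (arn, name, rotation_days):
    """Import a MEDIUM-severity Security Hub finding for a secret whose rotation period exceeds policy.

    Args:
        arn: ARN of the Secrets Manager secret, laid out as
            ``arn:<partition>:<service>:<region>:<account-id>:<resource>``.
        name: Secret name; used in the finding title and as part of the finding Id,
            so re-reporting the same secret updates the existing finding rather than
            creating a duplicate.
        rotation_days: The secret's configured rotation period, reported in the
            finding description next to the policy maximum.

    Returns:
        ``{'statusCode': 200}`` when Security Hub accepted every finding, or
        ``{'statusCode': 500, 'failedFindings': [...]}`` when the import reported
        per-finding failures (``batch_import_findings`` does not raise for those).

    Relies on module-level names defined elsewhere in this file: ``sechubclient``
    (a Security Hub client), ``rotation_days_max`` (the policy threshold) and
    ``datetime``.
    """
    # ARN layout: arn:partition:service:region:account-id:resource
    arn_parts = arn.split(':')
    partition = arn_parts[1]  # "aws", "aws-us-gov", "aws-cn", ...; must match the ProductArn partition
    region = arn_parts[3]
    account_id = arn_parts[4]
    # ASFF timestamps are ISO 8601 in UTC with a trailing "Z". Use an aware UTC
    # time rather than utcnow(), which is deprecated since Python 3.12.
    now_utc = datetime.datetime.now(datetime.timezone.utc)
    timestamp = now_utc.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    findings = [{
        "SchemaVersion": "2018-10-08",
        "Title": f"Rotation policy non-compliant for secret {name}",
        "Description": f"This secret has a rotation policy of {rotation_days} days that is not compliant with company policy of {rotation_days_max} days or less.",
        # The "default" product ARN is the custom-integration ARN for this account/region.
        # NOTE(review): the partition is now taken from the secret's ARN instead of being
        # hard-coded to "aws", so findings from GovCloud/China partitions are not rejected.
        # Presumably sechubclient is configured for the same region as the secret — confirm.
        "ProductArn": f"arn:{partition}:securityhub:{region}:{account_id}:product/{account_id}/default",
        "AwsAccountId": account_id,
        "Id": f"outofcompliant-secret-rotation/{name}",
        "GeneratorId": "CUSTOM:SecretRotationDetector",
        # NOTE(review): left empty as in the original; an ASFF type such as
        # "Software and Configuration Checks/AWS Security Best Practices" would make
        # the finding filterable in Security Hub insights.
        "Types": [],
        "CreatedAt": timestamp,
        "UpdatedAt": timestamp,
        "Severity": {
            "Label": "MEDIUM"
        },
        "Resources": [{
            "Type": "Other",
            "Id": arn
        }]
    }]
    print (findings)
    import_response = sechubclient.batch_import_findings(
        Findings=findings
    )
    # A 200 from the API does not mean the finding was stored: rejected findings are
    # reported in FailedCount / FailedFindings. Surface them instead of reporting success.
    failed_findings = import_response.get('FailedFindings', [])
    if import_response.get('FailedCount', 0) or failed_findings:
        print (import_response)
        return {
            'statusCode': 500,
            'failedFindings': failed_findings,
        }
    return {
        'statusCode': 200,
    }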