def lambda_handler()

in lambdas/send_findings_to_security_hub/app.py [0:0]


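def lambda_handler(event, context):
    """Summarise Network Access Analyzer results and import them into Security Hub.

    For every entry in ``event['scope_analysis_details']`` the handler reads
    the findings of the referenced access scope analysis, and for each
    succeeded analysis that has findings and was not yet processed it builds
    one Security Hub finding via ``construct_security_hub_finding``.

    Args:
        event: Mapping with ``account``, ``region`` and
            ``scope_analysis_details`` (a list of dicts carrying ``scope_id``,
            ``scope_analysis_id`` and optionally ``findings_processed4sh``).
        context: Lambda context object; not used.

    Returns:
        A list with one dict per input entry holding ``scope_id``,
        ``scope_analysis_id``, ``analysis_status``, ``findings_count`` and
        ``findings_processed4sh``. The flag is set only once Security Hub
        has accepted the finding.
    """
    # BatchImportFindings accepts at most 100 findings per request.
    max_batch_size = 100

    # Account and region are passed through to the finding constructor.
    account_id = event['account']
    region_id = event['region']
    scope_analysis_details_list = event['scope_analysis_details']

    # Output list, one entry per input entry, with the finding count added.
    updated_scope_analysis_details_list = []

    # (index into the output list, Security Hub finding) pairs awaiting import.
    pending_imports = []

    for item in scope_analysis_details_list:
        scope_id = item['scope_id']
        scope_analysis_id = item['scope_analysis_id']

        # Whether this analysis was already reported to Security Hub.
        findings_processed4sh = item.get('findings_processed4sh', False)

        # The findings call is paginated; follow NextToken so findings_count
        # reflects every finding rather than only the first page.
        request = {'NetworkInsightsAccessScopeAnalysisId': scope_analysis_id}
        analysis_findings = []
        while True:
            page = ec2.get_network_insights_access_scope_analysis_findings(**request)
            analysis_status = page['AnalysisStatus']
            analysis_findings.extend(page.get('AnalysisFindings', []))
            next_token = page.get('NextToken')
            if not next_token:
                break
            request['NextToken'] = next_token

        findings_count = len(analysis_findings)

        # Log a summary only. The raw findings describe reachable network
        # paths and resource identifiers, so writing them to the function's
        # log stream would widen who can read them.
        logger.info(
            "scope analysis %s: status=%s findings=%d",
            scope_analysis_id, analysis_status, findings_count,
        )

        updated_scope_analysis_details_list.append({
            'scope_id': scope_id,
            'scope_analysis_id': scope_analysis_id,
            'analysis_status': analysis_status,
            'findings_count': findings_count,
            'findings_processed4sh': findings_processed4sh
        })

        if not findings_processed4sh and analysis_status == 'succeeded' and findings_count > 0:
            security_hub_finding_item = construct_security_hub_finding(
                scope_id, scope_analysis_id, findings_count, account_id, region_id
            )
            pending_imports.append(
                (len(updated_scope_analysis_details_list) - 1, security_hub_finding_item)
            )

    # Import in batches and mark an entry as processed only when Security Hub
    # accepted its finding, so a rejected finding is not silently dropped.
    # NOTE(review): entries whose import failed keep findings_processed4sh
    # False; confirm the caller bounds how often it retries them.
    for start in range(0, len(pending_imports), max_batch_size):
        batch = pending_imports[start:start + max_batch_size]
        security_hub_response = security_hub_client.batch_import_findings(
            Findings=[finding for _, finding in batch]
        )
        logger.info("Response from sending findings to security hub")
        logger.info("successful upload: %s", security_hub_response["SuccessCount"])
        logger.info("failed upload: %s", security_hub_response["FailedCount"])

        failed_findings = security_hub_response.get("FailedFindings", [])
        for failure in failed_findings:
            logger.error(
                "Security Hub rejected finding %s: %s %s",
                failure.get("Id"), failure.get("ErrorCode"), failure.get("ErrorMessage"),
            )

        # Assumes construct_security_hub_finding sets the ASFF 'Id' field,
        # which is what FailedFindings reports back.
        failed_ids = {failure.get("Id") for failure in failed_findings}
        for index, finding in batch:
            if finding.get("Id") not in failed_ids:
                updated_scope_analysis_details_list[index]['findings_processed4sh'] = True

    return updated_scope_analysis_details_list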