in automated-actions/AWS_RISK_CREDENTIALS_EXPOSED/lambda_functions/lookup_cloudtrail_events.py [0:0]
def get_events_summaries(events):
    """Tally a batch of CloudTrail events into top-10 frequency summaries.

    Counts occurrences of each event name, and of each resource name and
    resource type attached to the events, then keeps the ten most frequent
    entries in each category.

    Args:
        events (dict): Mapping whose 'Events' key holds the list of CloudTrail
            event dicts to summarize. A missing 'Events' key raises KeyError.

    Returns:
        (list, list, list)
        Three lists of (name, count) tuples, most frequent first: event
        names, resource names, and resource types.

    Note:
        Only the events passed in are counted and only the ten most frequent
        entries per category are returned, so the result is a triage view,
        not a complete record of activity.
        NOTE(review): if the caller passes a single page of lookup results,
        the counts cover that page only; confirm pagination upstream.
    """
    top_n = 10
    name_counts = collections.Counter()
    res_name_counts = collections.Counter()
    res_type_counts = collections.Counter()

    for record in events['Events']:
        attached = record.get("Resources")
        # A record without 'EventName' is tallied under the key None.
        name_counts[record.get('EventName')] += 1
        if attached is None:
            continue
        for item in attached:
            # Missing resource fields are likewise tallied under None.
            res_name_counts[item.get("ResourceName")] += 1
            res_type_counts[item.get("ResourceType")] += 1

    return (
        name_counts.most_common(top_n),
        res_name_counts.most_common(top_n),
        res_type_counts.most_common(top_n),
    )