

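def forensic(data, table):
    """Perform forensic checks on the event and decide whether to remediate.

    Looks the acting user up in the DynamoDB event-history table. An
    existing record means this user has triggered an incident before, so
    the countermeasure (``disableAccount``) is run; a first-time incident
    is let through.
    Example of checks this hook is meant for: MFA, previous violations,
    corporate CIDR blocks etc.

    Args:
        data (dict): All extracted event info. Must contain 'userName'.
        table (str): Name of the DynamoDB table holding the event history.

    Returns:
        str: The value returned by ``disableAccount`` for a repeat
            offender, otherwise "NoRemediationNeeded".

    Raises:
        KeyError: If ``data`` has no 'userName' entry.
        Exception: Errors from the DynamoDB lookup or from
            ``disableAccount`` (boto3 raises botocore ``ClientError``)
            are deliberately NOT swallowed: a failed countermeasure must
            never be reported to the caller as "NoRemediationNeeded".
    """
    # Set remediationStatus to True to trigger remediation function.
    remediationStatus = True

    if not remediationStatus:
        # Remediation switched off: nothing to do, keep the string contract.
        return "NoRemediationNeeded"

    # See if user have tried this before.
    client = boto3.client('dynamodb')
    response = client.get_item(
        TableName=table,
        Key={
            'userName': {'S': data['userName']}
        }
    )

    # get_item omits the 'Item' key when no record exists; test for its
    # presence instead of catching the KeyError with a bare except, which
    # also hid failures raised inside disableAccount().
    if response.get('Item'):
        # If not first time, trigger countermeasures.
        return disableAccount(data['userName'])

    # First time incident, let it pass.
    return "NoRemediationNeeded"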