Skip to content

IT-4081: suppress cis-aws-foundations-benchmark/v/1.4.0/3.9 since we use GuardDuty to monitor flow logs #1319

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
brucehoff wants to merge 7 commits into from
Closed

IT-4081: suppress cis-aws-foundations-benchmark/v/1.4.0/3.9 since we use GuardDuty to monitor flow logs #1319

brucehoff wants to merge 7 commits into from

Conversation

@brucehoff
Copy link
Contributor

@brucehoff brucehoff commented Jan 9, 2025

suppress cis-aws-foundations-benchmark/v/1.4.0/3.9 since we use GuardDuty to monitor flow logs

@brucehoff brucehoff requested a review from a team as a code owner January 9, 2025 19:00
ConsoleCatzirl
ConsoleCatzirl requested changes Jan 10, 2025
View reviewed changes
org-formation/075-security-hub/security-hub-suppress-infra.yaml
- 'arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.2'
- 'cis-aws-foundations-benchmark/v/1.4.0/3.5' # (IT-3619) "3.5 Ensure AWS Config is enabled in all regions"
# suppress cis-aws-foundations-benchmark/v/1.4.0/3.9 since we use GuardDuty to monitor flow logs:
- 'cis-aws-foundations-benchmark/v/1.4.0/3.9'
Copy link
Member

@ConsoleCatzirl ConsoleCatzirl Jan 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My understanding is that guard duty is good for detection but not for investigation so I think we should enforce this finding at least for production accounts, but I'm ok with suppressing it in non-prod accounts

Copy link
Contributor

@zaro0508 zaro0508 Jan 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it would probably be beneficial if you could add a reference to issue IT-4081 and provide justification for this suppression in the issue.

zaro0508
zaro0508 approved these changes Jan 10, 2025
View reviewed changes
org-formation/075-security-hub/security-hub-suppress-infra.yaml
- 'arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.2'
- 'cis-aws-foundations-benchmark/v/1.4.0/3.5' # (IT-3619) "3.5 Ensure AWS Config is enabled in all regions"
# suppress cis-aws-foundations-benchmark/v/1.4.0/3.9 since we use GuardDuty to monitor flow logs:
- 'cis-aws-foundations-benchmark/v/1.4.0/3.9'
Copy link
Contributor

@zaro0508 zaro0508 Jan 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it would probably be beneficial if you could add a reference to issue IT-4081 and provide justification for this suppression in the issue.

@brucehoff brucehoff closed this Apr 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ConsoleCatzirl ConsoleCatzirl ConsoleCatzirl requested changes

@zaro0508 zaro0508 zaro0508 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@brucehoff @ConsoleCatzirl @zaro0508