Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS SecurityHub Connector does not ingest GuardDuty and Macie events present in SecurityHub #10180

Closed
CyberHunter7 opened this issue Mar 19, 2024 · 9 comments
Closed

AWS SecurityHub Connector does not ingest GuardDuty and Macie events present in SecurityHub #10180

CyberHunter7 opened this issue Mar 19, 2024 · 9 comments
Assignees
@v-sudkharat @v-muuppugund
Labels
Connector Connector specialty review needed enhancement New feature or request

Comments

@CyberHunter7
Copy link

Describe the bug
AWS SecurityHub Connector does not ingest GuardDuty and Macie events present in SecurityHub events.

To Reproduce
Steps to reproduce the behavior:

  1. In Azure: Deploy AWS SecurityHub Connector
  2. In AWS: Generate a High or Critical event in GuardDuty
  3. In AWS: Check that SecurityHub ingested the generated GuardDuty event in step 2.
  4. In Azure: Search in Log Analytics AWSSecurityHubFindings_CL table for the SecurityHub event related to GuardDuty

Expected behavior
SecurityHub event related to GuardDuty should be present in the Log Analytics.

NB 1 : AWS SecurityHub Connector is functional because we receive other SecurityHub events in the Log Analytics.

NB 2 : In the function App of the connector -> configurations -> Application settings -> SecurityHubFilters could be set with no filter so all event regardless of severity label are captured
@v-muuppugund v-muuppugund added the Connector Connector specialty review needed label Mar 20, 2024
@v-muuppugund
Copy link
Contributor

Hi @CyberHunter7 , Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 26Mar24. Thanks!

@CyberHunter7 CyberHunter7 mentioned this issue Mar 20, 2024
Closed
@v-muuppugund
Copy link
Contributor

v-muuppugund commented Mar 26, 2024
edited
Loading

Hi @CyberHunter7 ,Working on detailed analysis for further replication and changes,will update you

@CyberHunter7
Copy link
Author

Hi @CyberHunter7 ,Working on detailed analysis for further replication and changes,will update you

Thank you @v-muuppugund for the update.

@v-muuppugund
Copy link
Contributor

Hi @CyberHunter7 ,Still need some more time for completing the detailed analysis for this issue, will post update once done.

@v-muuppugund v-muuppugund added the enhancement New feature or request label Apr 4, 2024
@v-muuppugund
Copy link
Contributor

v-muuppugund commented Apr 15, 2024
edited
Loading

Hi @CyberHunter7 ,I am able to replicate the issue and the data is not ingested from guard duty in to AWS Security hub, we have done the complete analysis for this requirement and will be picking up in our queue and will update you once the changes have been completed.Please let me know if you have any questions we can have a detailed discussion on this requirement.

@CyberHunter7
Copy link
Author

Hi @CyberHunter7 ,I am able to replicate the issue and the data is not ingested from guard duty in to AWS Security hub, we have done the complete analysis for this requirement and will be picking up in our queue and will update you once the changes have been completed.Please let me know if you have any questions we can have a detailed discussion on this requirement.

Hi @v-muuppugund thanks for the update, is there any workaround for the mean time ? is there an estimate when this issue will be resolved ?

@v-muuppugund
Copy link
Contributor

v-muuppugund commented Apr 15, 2024
edited
Loading

Hi @CyberHunter7 ,I am able to replicate the issue and the data is not ingested from guard duty in to AWS Security hub, we have done the complete analysis for this requirement and will be picking up in our queue and will update you once the changes have been completed. Please let me know if you have any questions we can have a detailed discussion on this requirement.

Hi @v-muuppugund thanks for the update, is there any workaround for the mean time ? is there an estimate when this issue will be resolved ?

Hi @CyberHunter7 ,Apologies as of now ,with generated_id from guard duty and no filters the data is not coming up,Please find below screen shot for reference
even gaurd duty is enabled
image
Could you please check any logs are present in guard duty for the region using in AWS security hub connector

@CyberHunter7
Copy link
Author

CyberHunter7 commented Apr 15, 2024
edited
Loading

Hi @CyberHunter7 ,I am able to replicate the issue and the data is not ingested from guard duty in to AWS Security hub, we have done the complete analysis for this requirement and will be picking up in our queue and will update you once the changes have been completed. Please let me know if you have any questions we can have a detailed discussion on this requirement.

Hi @v-muuppugund thanks for the update, is there any workaround for the mean time ? is there an estimate when this issue will be resolved ?

Hi @CyberHunter7 ,Apologies as of now ,with generated_id from guard duty and no filters the data is not coming up,Please find below screen shot for reference even gaurd duty is enabled image Could you please check any logs are present in guard duty for the region using in AWS security hub connector

Hi @v-muuppugund I checked again no logs are present. I understand there is no quick fix for this that can be available, is that correct ?

@CyberHunter7
Copy link
Author

Hi @CyberHunter7 ,I am able to replicate the issue and the data is not ingested from guard duty in to AWS Security hub, we have done the complete analysis for this requirement and will be picking up in our queue and will update you once the changes have been completed. Please let me know if you have any questions we can have a detailed discussion on this requirement.

Hi @v-muuppugund thanks for the update, is there any workaround for the mean time ? is there an estimate when this issue will be resolved ?

Hi @CyberHunter7 ,Apologies as of now ,with generated_id from guard duty and no filters the data is not coming up,Please find below screen shot for reference even gaurd duty is enabled image Could you please check any logs are present in guard duty for the region using in AWS security hub connector

Hi @v-muuppugund I checked again no logs are present. I understand there is no quick fix for this that can be available, is that correct ?

Hello @v-muuppugund any updates ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@v-sudkharat v-sudkharat

@v-muuppugund v-muuppugund

Labels
Connector Connector specialty review needed enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@CyberHunter7 @v-sudkharat @v-muuppugund