Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request use of botocore.config for to handle API throttling when archiving findings in SecurityHub #5004

Open
mlmerchant opened this issue Sep 11, 2024 · 1 comment
Open

Request use of botocore.config for to handle API throttling when archiving findings in SecurityHub #5004

mlmerchant opened this issue Sep 11, 2024 · 1 comment
Labels
bug integration/security-hub Issues/PRs related with the AWS Security Hub integration provider/aws Issues/PRs related with the AWS provider severity/medium Results in some unexpected or undesired behavior.

Comments

@mlmerchant
Copy link
Contributor

Steps to Reproduce

As a security engineer running prowler with the below command:

prowler AWS --log-level ERROR -M csv html json-asff --ignore-exit-code-3 --security-hub --status FAIL --log-file /foobar/logs.txt --output-directory /foobar

I expect prowler to archive the findings.

Expected behavior

I expect prowler to archive the findings in securityhub that were no longer detected in the latest scan.

Actual Result with Screenshots or Logs

2024-09-11 18:53:36,513 [File: security_hub.py:247] [Module: security_hub] ERROR: Client error - - [227]:An error occurred (TooManyRequestsException) when calling the GetFindings operation: Too Many Requests in region us-gov-west-1

Sending findings to AWS Security Hub, please wait...

Archiving previous findings in AWS Security Hub, please wait...
0 findings archived in AWS Security Hub!

How did you install Prowler?

From pip package (pip install prowler)

Environment Resource

Gitlab runner docker container.

OS used

Ubuntu:latest

Prowler version

4.3.5

Pip version

24.0

Context

Request that prowler make use of 'botocore.config' to handle backoff and retries with the SecurityHub API.'

I believe this change would need to occur at the following location:
https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/aws/lib/security_hub/security_hub.py#L140-L142

from botocore.config import Config

# Custom configuration for retries and backoff
config = Config(
    retries={
        'max_attempts': 10,  # Max number of retry attempts
        'mode': 'adaptive'  # or 'standard' for standard exponential backoff
    }
)

# Initialize the client with custom config
enabled_regions[region] = self._session.client(
    "securityhub", region_name=region, config=config
)
@mlmerchant mlmerchant added bug status/needs-triage Issue pending triage labels Sep 11, 2024
@jfagoagas jfagoagas added provider/aws Issues/PRs related with the AWS provider integration/security-hub Issues/PRs related with the AWS Security Hub integration labels Sep 12, 2024
@vicferpoy vicferpoy added severity/medium Results in some unexpected or undesired behavior. and removed status/needs-triage Issue pending triage labels Sep 12, 2024
@vicferpoy
Copy link
Member

Hey @mlmerchant, thanks for reporting this.

I've addressed your suggestion internally and we will take care of it as soon as we can. I will leave a note so the team can update with a message here when we fix it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug integration/security-hub Issues/PRs related with the AWS Security Hub integration provider/aws Issues/PRs related with the AWS provider severity/medium Results in some unexpected or undesired behavior.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mlmerchant @jfagoagas @vicferpoy