Closed: freakssy closed this 4 months ago
I understood where the problem was coming from. The solution deploys runbooks based on the standard name. At my place, I have activated two standards, FSBP and CIS, so I have deployed only the corresponding runbooks without the 'security control,' yet it is needed.
When the "standard_name" is set to "security-control", this should indicate that consolidated findings are enabled within Security Hub.
When this is the case, for this solution you should have enabled the "Security Control" playbook during deployment (Implementation Guide).
You should have selected yes for the parameter "LoadSCMemberStack".
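The following is an added example, not part of the thread and not the solution's own code. It models the per-standard status lookup the reporter describes and the consolidated-findings condition from the reply above. The `/example/...` parameter paths, the `enabled` value, the `OK` status and the sample standard names are assumptions made for the sketch.

```python
# Added illustration, not code from the solution. The parameter path layout,
# the "enabled" value and the "OK" status are assumptions made for this sketch.
CONSOLIDATED = "SECURITY_CONTROL"  # DescribeHub ControlFindingGenerator value


def playbook_status(params, standard_name, version):
    """Mimic the lookup: one status parameter per (standard, version)."""
    key = f"/example/{standard_name}/{version}/status"  # hypothetical path
    supported = params.get(key) == "enabled"
    return {
        "status": "OK" if supported else "NOTENABLED",
        "securitystandard": standard_name,
        "securitystandardversion": version,
        "standardsupported": str(supported),
    }


def preflight(hub, params, sc_version="2.0.0"):
    """List deployment gaps that would make remediations return NOTENABLED."""
    gaps = []
    consolidated = hub.get("ControlFindingGenerator") == CONSOLIDATED
    if consolidated:
        result = playbook_status(params, "security-control", sc_version)
        if result["status"] != "OK":
            gaps.append(
                "consolidated control findings are on, but no security-control "
                f"{sc_version} playbook is deployed (LoadSCMemberStack)"
            )
    return gaps


def describe_hub(region):
    """Fetch the live hub settings; needs boto3 and AWS credentials."""
    import boto3  # imported lazily so the offline sample below runs without it
    return boto3.client("securityhub", region_name=region).describe_hub()


# Constructed sample: FSBP and CIS playbooks deployed, security-control missing.
SAMPLE_PARAMS = {
    "/example/aws-foundational-security-best-practices/1.0.0/status": "enabled",
    "/example/cis-aws-foundations-benchmark/1.2.0/status": "enabled",
}
SAMPLE_HUB = {"ControlFindingGenerator": CONSOLIDATED}  # constructed response

if __name__ == "__main__":
    print(playbook_status(SAMPLE_PARAMS, "security-control", "2.0.0"))
    for gap in preflight(SAMPLE_HUB, SAMPLE_PARAMS):
        print("GAP:", gap)
```

Against a real account, pass the result of `describe_hub("<region>")` as `hub` and substitute the solution's actual parameter names for the placeholder paths.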
I installed the solution following the documentation to test between two accounts in the same region. When I initiate a remediation on a supported control and for a finding located in the same region, I receive the following response:
{ "status": "NOTENABLED", "message": "Security Standard is not enabled\": \"security-control version 2.0.0\" ; "remediation_status": "", "logdata": [], "securitystandard": "error", "securitystandardversion": "2.0.0", "controlid": "EC2.2", "standardsupported": "False", "accountid": "xxxxxxxxxxxxx", "resourceregion": "eu-west-1" }
Upon reviewing the code, I observe that it relies on the value of standard_name to fetch a parameter in the SSM parameter store, and it sets standard_version_supported to true or false. This is how it determines the status.
Below you will find the event; I have removed the names of the resources and the account: