elastic / cloudbeat

Analyzing Cloud Security Posture

[BUG] CIS AWS Rule 3.10 / 3.11 - When object-level logging for write / read events is enabled for S3 bucket evaluation is failed. #811

Closed gurevichdmitry closed 1 year ago

gurevichdmitry commented 1 year ago

Describe the bug: When object-level logging for write / read events is enabled for an S3 bucket, the evaluation fails.

rule 3.10

rule 3.11

Audit: aws cloudtrail get-event-selectors --region us-west-2 --trail-name test-aws-file-validation-on-pass --query "EventSelectors[*].DataResources[]"

Preconditions: ELK Stack 8.8 is deployed

To Reproduce: Steps to reproduce the behavior:

  1. Create CSPM integration and deploy elastic agent.
  2. Navigate to Findings and search by rule.tags: "CIS 3.10" and resource.name: "test-aws-file-validation-on-pass"
  3. Navigate to Findings and search by rule.tags: "CIS 3.11" and resource.name: "test-aws-file-validation-on-pass"

Expected behavior: Evaluation result for rules 3.10 and 3.11 is passed

uri-weisman commented 1 year ago

Current rego implementation supports writing and reading to all s3 buckets instead of supporting all and a specific bucket.

partialARN == "arn:aws:s3"

Should be:

contains(partialARN, "arn:aws:s3")
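The check described in the comment, modelled in Go as an added example (this is not cloudbeat's code and not the Rego rule itself): it parses the `EventSelectors` shape returned by `aws cloudtrail get-event-selectors` and evaluates rules 3.10 (write) and 3.11 (read) for one bucket twice, once with the exact-match test that only accepts the all-buckets value `arn:aws:s3`, and once with a widened test that also accepts a selector scoped to the bucket under evaluation. The sample selector JSON is constructed, and scoping the specific-bucket case to the evaluated bucket's own ARN (rather than any string containing `arn:aws:s3`) is an assumption about the intended semantics.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// EventSelector and DataResource mirror the fields of
// `aws cloudtrail get-event-selectors` output that rules 3.10 / 3.11 inspect.
type EventSelector struct {
	ReadWriteType string         `json:"ReadWriteType"`
	DataResources []DataResource `json:"DataResources"`
}

type DataResource struct {
	Type   string   `json:"Type"`
	Values []string `json:"Values"`
}

// Constructed sample (assumption, not captured from a real account): one trail
// logging all S3 object events, scoped to a single bucket rather than to every bucket.
const sampleSelectors = `[
  {
    "ReadWriteType": "All",
    "DataResources": [
      {"Type": "AWS::S3::Object",
       "Values": ["arn:aws:s3:::test-aws-file-validation-on-pass/"]}
    ]
  }
]`

// coversBucketExact is the too-strict check the comment calls out:
// only the all-buckets value "arn:aws:s3" is accepted.
func coversBucketExact(value, bucket string) bool {
	return value == "arn:aws:s3"
}

// coversBucket is the widened check: the all-buckets value, or a selector
// whose ARN is scoped to this bucket, both count as coverage. Assumption:
// a selector for a different bucket should not make this bucket pass.
func coversBucket(value, bucket string) bool {
	if !strings.HasPrefix(value, "arn:aws:s3") {
		return false
	}
	bucketARN := "arn:aws:s3:::" + bucket
	return value == "arn:aws:s3" || value == bucketARN || strings.HasPrefix(value, bucketARN+"/")
}

// logsEvents reports whether a selector's ReadWriteType captures the requested
// event kind: "write" for rule 3.10, "read" for rule 3.11.
func logsEvents(readWriteType, kind string) bool {
	switch readWriteType {
	case "All":
		return true
	case "WriteOnly":
		return kind == "write"
	case "ReadOnly":
		return kind == "read"
	}
	return false
}

// Evaluate returns true when at least one selector logs the requested event
// kind for objects in bucket, using the supplied ARN matcher.
func Evaluate(selectorsJSON []byte, bucket, kind string, matches func(value, bucket string) bool) (bool, error) {
	var selectors []EventSelector
	if err := json.Unmarshal(selectorsJSON, &selectors); err != nil {
		return false, err
	}
	for _, sel := range selectors {
		if !logsEvents(sel.ReadWriteType, kind) {
			continue
		}
		for _, dr := range sel.DataResources {
			if dr.Type != "AWS::S3::Object" {
				continue
			}
			for _, v := range dr.Values {
				if matches(v, bucket) {
					return true, nil
				}
			}
		}
	}
	return false, nil
}

func main() {
	bucket := "test-aws-file-validation-on-pass"
	for _, kind := range []string{"write", "read"} {
		strict, _ := Evaluate([]byte(sampleSelectors), bucket, kind, coversBucketExact)
		widened, _ := Evaluate([]byte(sampleSelectors), bucket, kind, coversBucket)
		fmt.Printf("%s events: exact-match=%v widened-match=%v\n", kind, strict, widened)
	}
}
```

Running it on the sample shows the bucket-scoped selector failing under the exact-match test and passing under the widened one, which is the mismatch the bug report observes for both rules.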