Add metadata to the export

[theodoorscholte]

• Date the tool ran
• Version of the tool (and library) that ran
• Measurement thresholds applied
• Compliance frameworks applied: none, aws-foundational-security-best-practices, cis-aws OR applied filters on retrieving findings
• Controls/Rules that are active in each compliance framework
• Enabled integrations in AWS Security Hub

[costastf]

@theodoorscholte enabled integrations are reported as

'arn:aws:securityhub:eu-west-1:<AWS_ACCOUNT_ID>:product-subscription/aws/access-analyzer',
'arn:aws:securityhub:eu-west-1:<AWS_ACCOUNT_ID>:product-subscription/aws/guardduty',
'arn:aws:securityhub:eu-west-1:<AWS_ACCOUNT_ID>:product-subscription/aws/config',
'arn:aws:securityhub:eu-west-1:<AWS_ACCOUNT_ID>:product-subscription/aws/firewall-manager',
'arn:aws:securityhub:eu-west-1:<AWS_ACCOUNT_ID>:product-subscription/aws/health',
'arn:aws:securityhub:eu-west-1:<AWS_ACCOUNT_ID>:product-subscription/aws/inspector',
'arn:aws:securityhub:eu-west-1:<AWS_ACCOUNT_ID>:product-subscription/aws/macie',
'arn:aws:securityhub:eu-west-1:<AWS_ACCOUNT_ID>:product-subscription/aws/ssm-patch-manager',
'arn:aws:securityhub:eu-west-1:<AWS_ACCOUNT_ID>:product-subscription/aws/securityhub

How would we want to report on them?

Can you also elaborate on

 Controls/Rules that are active in each compliance framework

Do we want something more than what is documented from AWS? If so, how do we get that?

[theodoorscholte]

@costastf Enabled integrations look good! AWS adds more controls/rules to each compliance framework over time. This results in more findings between runs of the tool. This is why it is needed to report at runtime about the controls/rules that are included in each framework.