turbot / steampipe-mod-aws-compliance

Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
https://hub.steampipe.io/mods/turbot/aws_compliance
Apache License 2.0

Split GuardDuty Checks for Foundational Security into Standard GuardDuty Enabled and S3 Logging Enabled #357

Closed (twratl closed this 2 years ago)

twratl commented 2 years ago

Is your feature request related to a problem? Please describe.
Today the check is reporting in alarm if the S3 logging is not enabled. I think it would be better to split this into 2 checks: 1 for regular GuardDuty enabled and one for S3 logging enabled.

Describe the solution you'd like
Split 1 check into 2.

Describe alternatives you've considered
No real alternatives exist except ignoring the finding if S3 logging is not enabled but regular GuardDuty is.

Additional context
Existing logic is here: https://github.com/turbot/steampipe-mod-aws-compliance/blob/main/query/guardduty/guardduty_enabled.sql

cbruno10 commented 2 years ago

Hey @twratl, thanks for the suggestion! Looking at the control for GuardDuty.1, it recommends enabling GuardDuty in the region, but I'm not sure if it specifically mentions S3.

@rajlearner17 Do you recall why we check for S3 logging? Is it based on a detail in the Config rule associated with that control?

rajlearner17 commented 2 years ago

@twratl Thanks for the suggestion. @cbruno10 Investigating this and the thought process behind the same. Will keep you posted.

rajlearner17 commented 2 years ago

@cbruno10 @twratl After checking in detail, as suggested by @twratl, there is no need to check S3 logging, which seems to be an additional unwanted check. I can't recall the circumstances at that time. While working on 100s of compliance controls, which differ slightly in some places, we might have used this one. We will be fixing this soon for release.
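The split agreed in this thread, written out as two Steampipe queries (an added example, not the mod's own guardduty_enabled.sql). Column names follow the Steampipe aws_guardduty_detector table; the JSON path data_sources -> 'S3Logs' ->> 'Status' is an assumption about how the DescribeDetector data sources are stored and should be checked against a real row before use.

```sql
-- Added example (not the mod's own query): the single GuardDuty control split
-- into the two checks proposed in the issue, so a detector that is enabled
-- but lacks S3 logging no longer alarms the GuardDuty.1 control itself.

-- Check 1: GuardDuty detector enabled in the region (GuardDuty.1).
-- No S3 condition here.
select
  arn as resource,
  case
    when status = 'ENABLED' then 'ok'
    else 'alarm'
  end as status,
  case
    when status = 'ENABLED' then detector_id || ' enabled.'
    else detector_id || ' disabled.'
  end as reason,
  region,
  account_id
from
  aws_guardduty_detector;

-- Check 2: S3 protection (S3 data-event logging) enabled on the detector.
-- Reported as its own control so the finding can be accepted or excluded
-- on its own without masking a disabled detector.
-- ASSUMPTION: data sources are stored under data_sources -> 'S3Logs' -> 'Status'.
select
  arn as resource,
  case
    when status <> 'ENABLED' then 'alarm'
    when data_sources -> 'S3Logs' ->> 'Status' = 'ENABLED' then 'ok'
    else 'alarm'
  end as status,
  case
    when status <> 'ENABLED' then detector_id || ' disabled.'
    when data_sources -> 'S3Logs' ->> 'Status' = 'ENABLED' then detector_id || ' S3 protection enabled.'
    else detector_id || ' S3 protection disabled.'
  end as reason,
  region,
  account_id
from
  aws_guardduty_detector;
```

A region where GuardDuty was never enabled has no detector row at all, so neither query reports it; a complete control also needs a left join from aws_region to the detector table, which this example leaves out.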