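def send_csv_report(cls, issue, ticket_summary, desc, account_name, bu, product, owner_email, security_issue_file_name):
    """Build a one-sheet workbook for a single issue and send it to its owner via Slack.

    The workbook is saved to the path ``security_issue_file_name``, handed to
    ``SlackNotification.send_file_notification`` together with ``owner_email``,
    and removed from disk afterwards, whether or not saving or sending succeeded.

    Args:
        issue: passed through unchanged to ``cls.add_records``.
        ticket_summary: passed through unchanged to ``cls.add_records``.
        desc: passed through unchanged to ``cls.add_records``.
        account_name: passed through unchanged to ``cls.add_records``.
        bu: passed through unchanged to ``cls.add_records``.
        product: passed through unchanged to ``cls.add_records``.
        owner_email: forwarded as ``user_mail`` to the Slack notification.
        security_issue_file_name: used as the worksheet name, as the path of
            the temporary file and as the ``file_name`` given to Slack.

    Raises:
        Whatever ``xlwt`` or ``SlackNotification`` raise; the temporary file is
        cleaned up before the exception propagates.
    """
    work_book = xlwt.Workbook()
    # NOTE(review): the same string is used as sheet name and as file path.
    # Presumably callers pass a bare file name that xlwt also accepts as a
    # sheet name - verify against the caller, in particular that it cannot
    # contain path separators taken from issue data.
    worksheet = work_book.add_sheet(security_issue_file_name)
    cls.add_header_data(worksheet)
    cls.add_records(worksheet, issue, ticket_summary, desc, account_name, bu, product)

    try:
        work_book.save(security_issue_file_name)
        slack_notification = SlackNotification()
        slack_notification.send_file_notification(file_name=security_issue_file_name,
                                                  user_mail=owner_email)
    finally:
        # The file holds security findings: never leave it behind on disk,
        # even when saving or the Slack upload fails.
        try:
            os.remove(security_issue_file_name)
        except FileNotFoundError:
            # save() failed before the file existed; keep the original error.
            pass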
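def generate(self):
    """Build the open and closed security-issue workbooks and publish them.

    For every configured issue type the matching DynamoDB table is opened in
    the main account session and handed to ``add_open_issues_to_sheet`` and
    ``add_closed_issues_to_sheet``, which fill one worksheet per issue type
    in the respective workbook. Both workbooks are rendered into in-memory
    buffers and then:

    * uploaded under ``reports/`` to ``self.config.csv.bucket`` when a bucket
      is configured;
    * sent to ``self.config.csv.slack_channel`` when Slack is enabled.

    NOTE(review): both files enumerate security findings per account; confirm
    that the report bucket and the Slack channel are restricted to the
    intended audience.
    """
    main_account_session = AssumeRole.get_session(region=self.config.aws.region)

    # (DynamoDB table name, worksheet name, issue class) per reported issue type
    issues = [
        (self.config.sg.ddb_table_name, "Insecure Services", SecurityGroupIssue),
        (self.config.s3acl.ddb_table_name, "S3 ACL Public Access", S3AclIssue),
        (self.config.s3policy.ddb_table_name, "S3 Policy Public Access", S3PolicyIssue),
        (self.config.iamUserInactiveKeys.ddb_table_name, "IAM User Inactive Keys", IAMKeyInactiveIssue),
        (self.config.iamUserKeysRotation.ddb_table_name, "IAM User Key Rotation", IAMKeyRotationIssue),
        (self.config.ebsVolume.ddb_table_name, "EBS Unencrypted Volumes", EBSUnencryptedVolumeIssue),
        (self.config.ebsSnapshot.ddb_table_name, "EBS Public Snapshots", EBSPublicSnapshotIssue),
        (self.config.cloudtrails.ddb_table_name, "CloudTrail Logging Issues", CloudTrailIssue),
        (self.config.rdsSnapshot.ddb_table_name, "RDS Public Snapshots", RdsPublicSnapshotIssue),
        (self.config.sqspolicy.ddb_table_name, "SQS Policy Public Access", SQSPolicyIssue),
    ]

    open_security_issues_workbook = xlwt.Workbook()
    closed_security_issues_workbook = xlwt.Workbook()

    # One DynamoDB resource serves every table lookup in the loop.
    dynamodb = main_account_session.resource("dynamodb")
    for table_name, sheet_name, issueType in issues:
        logging.debug(f"Building {issueType.__name__} report")
        ddb_table = dynamodb.Table(table_name)
        self.add_open_issues_to_sheet(ddb_table, open_security_issues_workbook,
                                      sheet_name, issueType)
        self.add_closed_issues_to_sheet(ddb_table, closed_security_issues_workbook,
                                        sheet_name, issueType)

    # UTC timestamp with seconds precision keeps the file names of one run paired.
    timestamp = datetime.now(timezone.utc).isoformat('T', 'seconds')
    open_security_issues_file_name = f"open_security_issues_{timestamp}.xls"
    closed_security_issues_file_name = f"security_issues_closed_last_week_{timestamp}.xls"

    # Render both workbooks into memory; nothing is written to local disk.
    # NOTE(review): the same BytesIO objects are handed to S3 and then to
    # Slack after save() has written to them; confirm both consumers read
    # the whole buffer rather than from the current stream position.
    open_security_issues = BytesIO()
    closed_security_issues = BytesIO()
    open_security_issues_workbook.save(open_security_issues)
    closed_security_issues_workbook.save(closed_security_issues)

    if self.config.csv.bucket:
        s3_client = main_account_session.client("s3")
        open_security_issues_path = f"reports/{open_security_issues_file_name}"
        closed_security_issues_path = f"reports/{closed_security_issues_file_name}"

        logging.debug(
            f"Uploading CSV report to s3://{self.config.csv.bucket}/{open_security_issues_path}"
        )
        S3Operations.put_object(s3_client, self.config.csv.bucket,
                                open_security_issues_path, open_security_issues)

        # The scheme in this message used to read "s://".
        logging.debug(
            f"Uploading CSV report to s3://{self.config.csv.bucket}/{closed_security_issues_path}"
        )
        S3Operations.put_object(s3_client, self.config.csv.bucket,
                                closed_security_issues_path, closed_security_issues)

    if self.config.slack.enabled:
        channel = self.config.csv.slack_channel
        slack_obj = SlackNotification(config=self.config)
        logging.debug(f"Uploading CSV report to slack ({channel})")
        slack_obj.send_file_notification(
            file_name=open_security_issues_file_name,
            file_data=open_security_issues,
            channel=channel)
        slack_obj.send_file_notification(
            file_name=closed_security_issues_file_name,
            file_data=closed_security_issues,
            channel=channel)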