lib/aws_recon/collectors/guardduty.rb in aws_recon-0.2.36 vs lib/aws_recon/collectors/guardduty.rb in aws_recon-0.3.0
- old
+ new
@@ -26,24 +26,53 @@
# get_findings_statistics (only active findings)
struct.findings_statistics = @client.get_findings_statistics({
detector_id: detector,
finding_statistic_types: ['COUNT_BY_SEVERITY'],
- finding_criteria: {
- criterion: {
- 'service.archived': {
- eq: ['false']
- }
- }
- }
+ finding_criteria: finding_criteria
}).finding_statistics.to_h
+ # get_findings_statistics (only active findings older than 7 days)
+ struct.findings_statistics_aged_short = @client.get_findings_statistics({
+ detector_id: detector,
+ finding_statistic_types: ['COUNT_BY_SEVERITY'],
+ finding_criteria: finding_criteria(7)
+ }).finding_statistics.to_h
+ # get_findings_statistics (only active findings older than 30 days)
+ struct.findings_statistics_aged_long = @client.get_findings_statistics({
+ detector_id: detector,
+ finding_statistic_types: ['COUNT_BY_SEVERITY'],
+ finding_criteria: finding_criteria(30)
+ }).finding_statistics.to_h
# get_master_account
struct.master_account = @client.get_master_account({ detector_id: detector }).master.to_h
resources.push(struct.to_h)
end
end
resources
+ end
+
+ private
+
+ def finding_criteria(days = 1)
+ criteria = {
+ criterion: {
+ 'service.archived': { eq: ['false'] }
+ }
+ }
+
+ if days > 1
+ days_ago = (Time.now.to_f * 1000).to_i - (60 * 60 * 24 * 1000 * days) # with miliseconds
+
+ criteria = {
+ criterion: {
+ 'service.archived': { eq: ['false'] },
+ 'updatedAt': { less_than: days_ago }
+ }
+ }
+ end
+
+ criteria
end
end
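Review bot: The `if days > 1` guard in `finding_criteria` uses the default value 1 as a sentinel, so a caller asking for findings older than one day (`finding_criteria(1)`) silently gets the unfiltered "all active findings" criteria, and the resulting statistics would overstate the aged count. Since nothing in the hunk calls it with 1, the cleaner contract is to make the age optional rather than special-casing a number: `def finding_criteria(days = nil)`, `if days`, and then `criteria[:criterion][:updatedAt] = { less_than: days_ago }`, which also removes the duplicated hash literal. A one-line doc comment above the method would help too, e.g. `# Active-only finding criteria; when days is given, also restrict to findings last updated more than that many days ago (updatedAt is epoch milliseconds).` The three `get_findings_statistics` calls above it are unchanged by this and keep working with the nil default.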