Skyhigh Security

Supported Lambda Responses in Skyhigh CASB

Your Lambda deployment package (your code and its libraries in a .zip file) implements the check that Skyhigh CASB runs. Skyhigh CASB reads the object your handler returns, so make sure the response matches the specification below. This may require some customization of your script.

The following response fields are supported by Skyhigh CASB.

IMPORTANT: No other fields are read. Any field you omit limits the information displayed in Skyhigh CASB.

Field: status (mandatory)
Description: Lambda execution status
Values: "success" or "failure"

Field: non_compliance
Description: list of non-compliant entities. Each entry is an object with three keys:
  entity_id   : the id of the entity, e.g. for a security group "sg-5fa41245"
  entity_name : the name of the entity, e.g. for an IAM user "guru"
  metadata    : an object (key/value pairs) describing the entity, e.g.
    {
      "service": "Elastic block store",
      "accountId": "295207888133",
      "volumeType": "gp2",
      "snapshotId": "snap-0e8e196a52ed7efc3",
      "volumeId": "vol-0ac81be7dc0fa595a",
      "state": "in-use",
      "region": "us-west-2"
    }
Example entity_id: "sg-5sfa21425"

Field: message
Description: the status message
Values: on "failure" the message is displayed in Skyhigh CASB as the error; on "success" the message is ignored

Field: compliance
Description: list of compliant entity ids (strings)
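The fields above are a contract: a response that gets a field wrong (a missing status, a non_compliance entry without metadata) silently drops entities from the Skyhigh CASB view rather than raising an error. The validator below, an added example that is not Skyhigh's own code, checks a handler's return value against the four fields before it is returned, and converts a malformed result into a "failure" response so the problem is displayed instead of hidden. The sample response is constructed for this example and reuses the EBS metadata keys from the table; the function names are assumptions, not part of the Skyhigh CASB API.

```python
"""Check a Lambda return value against the Skyhigh CASB response fields (added example)."""
import json

ALLOWED_STATUS = {"success", "failure"}
KNOWN_FIELDS = {"status", "message", "compliance", "non_compliance"}
ENTITY_FIELDS = {"entity_id", "entity_name", "metadata"}


def validate_casb_response(response):
    """Return a list of problems; an empty list means the response matches the spec."""
    problems = []
    if not isinstance(response, dict):
        return ["response must be a JSON object, got %s" % type(response).__name__]

    status = response.get("status")
    if status is None:
        problems.append("status is mandatory")
    elif status not in ALLOWED_STATUS:
        problems.append("status must be 'success' or 'failure', got %r" % (status,))

    if "message" in response and not isinstance(response["message"], str):
        problems.append("message must be a string")
    if status == "failure" and not response.get("message"):
        # On failure the message is the only thing Skyhigh CASB displays.
        problems.append("failure responses should carry a message")

    compliance = response.get("compliance", [])
    if not isinstance(compliance, list) or not all(isinstance(e, str) for e in compliance):
        problems.append("compliance must be a list of entity id strings")

    non_compliance = response.get("non_compliance", [])
    if not isinstance(non_compliance, list):
        problems.append("non_compliance must be a list of entity objects")
    else:
        for i, entity in enumerate(non_compliance):
            if not isinstance(entity, dict):
                problems.append("non_compliance[%d] is not an object" % i)
                continue
            for key in ("entity_id", "entity_name"):
                if not isinstance(entity.get(key), str) or not entity[key]:
                    problems.append("non_compliance[%d].%s must be a non-empty string" % (i, key))
            if not isinstance(entity.get("metadata"), dict):
                problems.append("non_compliance[%d].metadata must be an object" % i)

    # Lambda serialises the return value as JSON; sets, datetimes etc. would fail there.
    try:
        json.dumps(response)
    except (TypeError, ValueError) as err:
        problems.append("response is not JSON-serialisable: %s" % err)
    return problems


def unsupported_fields(response):
    """Top-level keys that Skyhigh CASB does not read (they are ignored, not rejected)."""
    return set(response) - KNOWN_FIELDS


def failure_response(message):
    """Response shape to return when the check itself could not run."""
    return {"status": "failure", "message": message, "compliance": [], "non_compliance": []}


def checked_response(response):
    """Return the response unchanged if valid, otherwise a failure response naming the defects."""
    problems = validate_casb_response(response)
    if problems:
        return failure_response("malformed check response: " + "; ".join(problems))
    return response


# Constructed sample (assumption: not a real account), modelled on the metadata example above.
SAMPLE_RESPONSE = {
    "status": "success",
    "message": "lambda function execution is completed",
    "compliance": ["sg-5fa41245"],
    "non_compliance": [{
        "entity_id": "vol-0ac81be7dc0fa595a",
        "entity_name": "vol-0ac81be7dc0fa595a",
        "metadata": {"service": "Elastic block store", "volumeType": "gp2",
                     "state": "in-use", "region": "us-west-2"},
    }],
}

if __name__ == "__main__":
    print(validate_casb_response(SAMPLE_RESPONSE))            # []
    print(checked_response({"status": "ok"})["message"])       # malformed check response: ...
```

Wrap the end of a handler as `return checked_response(lambda_response)`; a handler that cannot even enumerate its resources should return `failure_response(str(err))` from its except block rather than an empty "success", so the error text reaches Skyhigh CASB.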

Below is a Lambda snippet that builds such a response. The supported fields are assembled into lambda_response at the end of the handler:

#cloudtrail_bucket_access_logging_enabled
#s3_bucket_access_logging_enabled_check
#cloudtrail_bucket_access_logging_enabled.check_buckets_handler
import boto3
from botocore.exceptions import ClientError


def check_buckets_handler(event, context):
    """Report CloudTrail destination buckets without S3 server access logging."""
    non_compliance = []
    compliance = []
    checked = set()
    ct_client = boto3.client('cloudtrail')
    s3 = boto3.resource('s3')
    all_trails = ct_client.describe_trails()["trailList"]
    for trail in all_trails:
        print(trail)
        cloudtrail_bucket_name = trail["S3BucketName"]
        # A multi-region trail is listed once per region; check each bucket only once.
        if cloudtrail_bucket_name in checked:
            continue
        checked.add(cloudtrail_bucket_name)
        # Reset per bucket so a failed lookup never inherits the previous bucket's result.
        bucket_logging = None
        lookup_error = None
        try:
            # logging_enabled is None when server access logging is off for the bucket.
            bucket_logging = s3.BucketLogging(cloudtrail_bucket_name).logging_enabled
        except ClientError as err:
            lookup_error = str(err)
            print("issue while checking logging enabled flag with bucket name : "
                  + cloudtrail_bucket_name + " : " + lookup_error)
        if bucket_logging is not None:
            compliance.append(cloudtrail_bucket_name)
        else:
            # A bucket that could not be inspected is reported as non-compliant with the
            # error in its metadata, so it does not silently disappear from Skyhigh CASB.
            non_compliant_entity = dict()
            metadata = dict()
            metadata["bucket_name"] = cloudtrail_bucket_name
            metadata["trail_name"] = trail.get("Name", "")
            if lookup_error:
                metadata["check_error"] = lookup_error
            non_compliant_entity["entity_id"] = cloudtrail_bucket_name
            non_compliant_entity["entity_name"] = cloudtrail_bucket_name
            non_compliant_entity['metadata'] = metadata
            non_compliance.append(non_compliant_entity)
    lambda_response = dict()
    lambda_response["status"] = "success"
    lambda_response["message"] = "lambda function execution is completed"
    lambda_response["compliance"] = compliance
    lambda_response["non_compliance"] = non_compliance
    return lambda_response
