Cloudwatch event severity check add

DrumSlayers · Jul 6, 2023 · ef5ee09 · ef5ee09
1 parent 4d81030
commit ef5ee09
Showing 1 changed file with 66 additions and 1 deletion.
diff --git a/modules/cloudwatch/main.tf b/modules/cloudwatch/main.tf
@@ -42,7 +42,67 @@ resource "aws_cloudwatch_event_rule" "guardduty_finding" {
   ],
   "detail-type": [
     "GuardDuty Finding"
-  ]
+  ],
+    "detail": {
+    "severity": [
+      4,
+      4.0,
+      4.1,
+      4.2,
+      4.3,
+      4.4,
+      4.5,
+      4.6,
+      4.7,
+      4.8,
+      4.9,
+      5,
+      5.0,
+      5.1,
+      5.2,
+      5.3,
+      5.4,
+      5.5,
+      5.6,
+      5.7,
+      5.8,
+      5.9,
+      6,
+      6.0,
+      6.1,
+      6.2,
+      6.3,
+      6.4,
+      6.5,
+      6.6,
+      6.7,
+      6.8,
+      6.9,
+      7,
+      7.0,
+      7.1,
+      7.2,
+      7.3,
+      7.4,
+      7.5,
+      7.6,
+      7.7,
+      7.8,
+      7.9,
+      8,
+      8.0,
+      8.1,
+      8.2,
+      8.3,
+      8.4,
+      8.5,
+      8.6,
+      8.7,
+      8.8,
+      8.9
+    ]
+  }
+
 }
 EOF
 }
@@ -57,6 +117,11 @@ resource "aws_cloudwatch_event_target" "send_to_sns" {
     input_paths = {
       instance = "$.detail.resource.instanceDetails.instanceId",
       state = "$.detail.service.action.networkConnectionAction.connectionDirection"
+      severity = "$.detail.severity",
+      region = "$.region",
+      account = "$.account",
+      FindingType = "$.detail.type",
+      FindingDescription = "$.detail.description"
     }
 
     input_template = "\"GuardDuty finding for instance: <instance>, State: <state>\""