feat(services): add new service guardDutyDetector

Author: tyler-dunkel

src/enums/schemasMap.ts

@@ -47,6 +47,7 @@ export default {
   [services.flowLog]: 'awsFlowLog',
   [services.glueJob]: 'awsGlueJob',
   [services.glueRegistry]: 'awsGlueRegistry',
+  [services.guardDutyDetector]: 'awsGuardDutyDetector',
   [services.emrCluster]: 'awsEmrCluster',
   [services.emrInstance]: 'awsEmrInstance',
   [services.emrStep]: 'awsEmrStep',

src/enums/serviceMap.ts

@@ -86,6 +86,7 @@ import SageMakerProject from '../services/sageMakerProject'
 import SageMakerExperiment from '../services/sageMakerExperiment'
 import ManagedAirflow from '../services/managedAirflow'
 import WafV2WebAcl from '../services/wafV2WebAcl'
+import GuardDutyDetector from '../services/guardDutyDetector'
 
 /**
  * serviceMap is an object that contains all currently supported services for AWS
@@ -126,6 +127,7 @@ export default {
   [services.elb]: ELB,
   [services.flowLog]: FlowLog,
   [services.glueJob]: GlueJob,
+  [services.guardDutyDetector]: GuardDutyDetector,
   [services.glueRegistry]: GlueRegistry,
   [services.emrCluster]: EmrCluster,
   [services.emrInstance]: EmrInstance,

src/enums/services.ts

@@ -42,6 +42,7 @@ export default {
   flowLog: 'flowLog',
   glueJob: 'glueJob',
   glueRegistry: 'glueRegistry',
+  guardDutyDetector: 'guardDutyDetector',
   emrCluster: 'emrCluster',
   emrInstance: 'emrInstance',
   emrStep: 'emrStep',

src/services/guardDutyDetector/data.ts

@@ -0,0 +1,81 @@
+import { Config } from 'aws-sdk/lib/config'
+import GUARDDUTY from 'aws-sdk/clients/guardduty'
+import isEmpty from 'lodash/isEmpty'
+import groupBy from 'lodash/groupBy'
+import { convertToPromise, fetchAllPaginatedData } from '../../utils/fetchUtils'
+import { initTestEndpoint } from '../../utils'
+import ErrorLog from '../../utils/errorLog'
+
+const serviceName = 'guardDuty'
+const errorLog = new ErrorLog(serviceName)
+const endpoint = initTestEndpoint(serviceName)
+
+export interface RawAwsGuardDutyDetector extends GUARDDUTY.GetDetectorResponse {
+  id: string
+  region: string
+  members: GUARDDUTY.Members
+}
+
+/**
+ * GuardDutyDetector
+ */
+
+export default async ({
+  regions,
+  config,
+}: {
+  regions: string
+  config: Config
+}): Promise<{ [region: string]: RawAwsGuardDutyDetector[] }> => {
+  const result: RawAwsGuardDutyDetector[] = []
+
+  const activeRegions = regions.split(',')
+
+  for (const region of activeRegions) {
+    let guardDutyDetectorList: GUARDDUTY.DetectorId[]
+    const client = new GUARDDUTY({ ...config, region, endpoint })
+    try {
+      guardDutyDetectorList = await fetchAllPaginatedData({
+        getResourcesFn: convertToPromise({
+          sdkContext: client,
+          fnName: 'listDetectors',
+        }),
+        accessor: '',
+      })
+    } catch (err) {
+      errorLog.generateAwsErrorLog({ functionName: 'listDetectors', err })
+    }
+
+    if (!isEmpty(guardDutyDetectorList)) {
+      for (const detector of guardDutyDetectorList) {
+        let detectorData: GUARDDUTY.GetDetectorResponse
+        let members: GUARDDUTY.Members
+        try {
+          detectorData = await client
+            .getDetector({ DetectorId: detector })
+            .promise()
+          members = await fetchAllPaginatedData({
+            getResourcesFn: convertToPromise({
+              sdkContext: client,
+              fnName: 'listMembers',
+            }),
+            accessor: '',
+            initialParams: {
+              DetectorId: detector,
+            },
+          })
+        } catch (err) {
+          errorLog.generateAwsErrorLog({ functionName: 'getDetector', err })
+        }
+        result.push({
+          id: detector,
+          ...detectorData,
+          members,
+          region,
+        })
+      }
+    }
+  }
+
+  return groupBy(result, 'region')
+}

src/services/guardDutyDetector/format.ts

@@ -0,0 +1,75 @@
+import cuid from 'cuid'
+import { formatTagsFromMap } from '../../utils/format'
+import { AwsGuardDutyDetector } from '../../types/generated'
+import { RawAwsGuardDutyDetector } from './data'
+
+/**
+ * GuardDutyDetector
+ */
+
+export default ({
+  account,
+  service: rawData,
+  region,
+}: {
+  account: string
+  service: RawAwsGuardDutyDetector
+  region: string
+}): AwsGuardDutyDetector => {
+  const {
+    id,
+    CreatedAt: createdAt,
+    FindingPublishingFrequency: findingPublishingFrequency,
+    ServiceRole: serviceRole,
+    Status: status,
+    UpdatedAt: updatedAt,
+    DataSources: dataSources,
+    members = [],
+    Tags
+  } = rawData
+
+  const formattedDataSources = {
+    cloudTrail: {
+      status: dataSources?.CloudTrail?.Status
+    },
+    dnsLogs: {
+      status: dataSources?.DNSLogs?.Status
+    },
+    flowLogs: {
+      status: dataSources?.FlowLogs?.Status
+    },
+    s3Logs: {
+      status: dataSources?.S3Logs?.Status
+    },
+    // kubernetes: { TODO: k8s logs support, maybe need to update aws sdk?
+    //   auditLogs: {
+    //     status: dataSources?.
+    //   }
+    // }
+  }
+
+  const mappedMembers = members?.map(member => ({
+    id: cuid(),
+    accountId: member?.AccountId,
+    detectorId: member?.DetectorId,
+    masterId: member?.MasterId,
+    email: member?.Email,
+    relationshipStatus: member?.RelationshipStatus,
+    invitedAt: new Date(member?.InvitedAt)?.toISOString(),
+    updatedAt: new Date(member?.UpdatedAt)?.toISOString()
+  }))
+
+  return {
+    id,
+    region,
+    accountId: account,
+    createdAt: new Date(createdAt)?.toISOString(),
+    updatedAt: new Date(updatedAt)?.toISOString(),
+    findingPublishingFrequency,
+    serviceRole,
+    status,
+    members: mappedMembers,
+    dataSources: formattedDataSources,
+    tags: formatTagsFromMap(Tags ?? {})
+  }
+}

src/services/guardDutyDetector/index.ts

@@ -0,0 +1,14 @@
+import { Service } from '@cloudgraph/sdk'
+  import BaseService from '../base'
+  import format from './format'
+  import getData from './data'
+  import mutation from './mutation'
+      
+  export default class GuardDutyDetector extends BaseService implements Service {
+    format = format.bind(this)
+      
+    getData = getData.bind(this)
+      
+    mutation = mutation
+  }
+  

src/services/guardDutyDetector/mutation.ts

@@ -0,0 +1,5 @@
+export default `mutation($input: [AddawsGuardDutyDetectorInput!]!) {
+  addawsGuardDutyDetector(input: $input, upsert: true) {
+    numUids
+  }
+}`;

src/services/guardDutyDetector/schema.graphql

@@ -0,0 +1,36 @@
+type awsGuardDutyDetector @key(fields: "id") {
+  id: String! @id @search(by: [hash])
+  accountId: String! @search(by: [hash])
+  region: String @search(by: [hash, regexp])
+  createdAt: DateTime
+  updatedAt: DateTime
+  findingPublishingFrequency: String @search(by: [hash, regexp])
+  serviceRole: String @search(by: [hash, regexp])
+  status: String @search(by: [hash, regexp])
+  members: [awsGuardDutyMember]
+  dataSources: awsGuardDutyDataSources
+  tags: [awsRawTag]
+  iamRole: awsIamRole @hasInverse(field: guardDutyDetectors)
+}
+
+type awsGuardDutyMember {
+  id: String! @id @search(by: [hash])
+  accountId: String! @search(by: [hash])
+  detectorId: String @search(by: [hash, regexp])
+  masterId: String @search(by: [hash, regexp])
+  email: String @search(by: [hash, regexp])
+  relationshipStatus: String @search(by: [hash, regexp])
+  invitedAt: DateTime
+  updatedAt: DateTime
+}
+
+type awsGuardDutyDataSources {
+  cloudTrail: awsGuardDutyDataSource
+    dnsLogs: awsGuardDutyDataSource
+    flowLogs: awsGuardDutyDataSource
+    s3Logs: awsGuardDutyDataSource
+}
+
+type awsGuardDutyDataSource {
+  status: String @search(by: [hash, regexp])
+}

src/services/iamRole/connections.ts

@@ -12,6 +12,7 @@ import { RawAwsCodeBuild } from '../codeBuild/data'
 import { RawAwsGlueJob } from '../glueJob/data'
 import { glueJobArn } from '../../utils/generateArns'
 import { RawAwsManagedAirflow } from '../managedAirflow/data'
+import { RawAwsGuardDutyDetector } from '../guardDutyDetector/data'
 
 /**
  * IAM Role
@@ -106,60 +107,86 @@ export default ({
   /**
    * Find any CodeBuild related data
    */
-   const codebuild = data.find(({ name }) => name === services.codebuild)
-   if (codebuild?.data?.[region]) {
-     const dataAtRegion: RawAwsCodeBuild[] = codebuild.data[region].filter(
-       ({ serviceRole, resourceAccessRole }: RawAwsCodeBuild) =>
-       serviceRole === role.Arn || resourceAccessRole === role.Arn
-     )
-     for (const cb of dataAtRegion) {
-       connections.push({
-         id: cb.arn,
-         resourceType: services.codebuild,
-         relation: 'child',
-         field: 'codebuilds',
-       })
-     }
-   }
-
-   /**
+  const codebuild = data.find(({ name }) => name === services.codebuild)
+  if (codebuild?.data?.[region]) {
+    const dataAtRegion: RawAwsCodeBuild[] = codebuild.data[region].filter(
+      ({ serviceRole, resourceAccessRole }: RawAwsCodeBuild) =>
+        serviceRole === role.Arn || resourceAccessRole === role.Arn
+    )
+    for (const cb of dataAtRegion) {
+      connections.push({
+        id: cb.arn,
+        resourceType: services.codebuild,
+        relation: 'child',
+        field: 'codebuilds',
+      })
+    }
+  }
+
+  /**
    * Find any glueJob related data
    */
-    const jobs = data.find(({ name }) => name === services.glueJob)
-    if (jobs?.data?.[region]) {
-      const dataAtRegion: RawAwsGlueJob[] = jobs.data[region].filter(
-        ({ Role }: RawAwsGlueJob) =>
-        Role === role.Arn
-      )
-      for (const job of dataAtRegion) {
-        const arn = glueJobArn({ region, account, name: job.Name })
-        connections.push({
-          id: arn,
-          resourceType: services.glueJob,
-          relation: 'child',
-          field: 'glueJobs',
-        })
-      }
+  const jobs = data.find(({ name }) => name === services.glueJob)
+  if (jobs?.data?.[region]) {
+    const dataAtRegion: RawAwsGlueJob[] = jobs.data[region].filter(
+      ({ Role }: RawAwsGlueJob) => Role === role.Arn
+    )
+    for (const job of dataAtRegion) {
+      const arn = glueJobArn({ region, account, name: job.Name })
+      connections.push({
+        id: arn,
+        resourceType: services.glueJob,
+        relation: 'child',
+        field: 'glueJobs',
+      })
     }
-    
-    /**
+  }
+
+  /**
    * Find any managedAirflow related data
    */
-   const managedAirflow = data.find(({ name }) => name === services.managedAirflow)
-   if (managedAirflow?.data?.[region]) {
-     const dataAtRegion: RawAwsManagedAirflow[] = managedAirflow.data[region].filter(
-       ({ ServiceRoleArn, ExecutionRoleArn }: RawAwsManagedAirflow) =>
-       ServiceRoleArn === role.Arn || ExecutionRoleArn === role.Arn
-     )
-     for (const airflow of dataAtRegion) {
-       connections.push({
-         id: airflow.Arn,
-         resourceType: services.managedAirflow,
-         relation: 'child',
-         field: 'managedAirflows',
-       })
-     }
-   }
+  const managedAirflow = data.find(
+    ({ name }) => name === services.managedAirflow
+  )
+  if (managedAirflow?.data?.[region]) {
+    const dataAtRegion: RawAwsManagedAirflow[] = managedAirflow.data[
+      region
+    ].filter(
+      ({ ServiceRoleArn, ExecutionRoleArn }: RawAwsManagedAirflow) =>
+        ServiceRoleArn === role.Arn || ExecutionRoleArn === role.Arn
+    )
+    for (const airflow of dataAtRegion) {
+      connections.push({
+        id: airflow.Arn,
+        resourceType: services.managedAirflow,
+        relation: 'child',
+        field: 'managedAirflows',
+      })
+    }
+  }
+
+  /**
+   * Find any guardDutyDetector related data
+   */
+  const detectors = data.find(
+    ({ name }) => name === services.guardDutyDetector
+  )
+  if (detectors?.data?.[region]) {
+    const dataAtRegion: RawAwsGuardDutyDetector[] = detectors.data[
+      region
+    ].filter(
+      ({ ServiceRole }: RawAwsGuardDutyDetector) =>
+      ServiceRole === role.Arn
+    )
+    for (const detector of dataAtRegion) {
+      connections.push({
+        id: detector.id,
+        resourceType: services.guardDutyDetector,
+        relation: 'child',
+        field: 'guardDutyDetectors',
+      })
+    }
+  }
 
   return {
     [id]: connections,

src/services/iamRole/schema.graphql

@@ -19,4 +19,5 @@ type awsIamRole @key(fields: "id") {
   codebuilds: [awsCodebuild] @hasInverse(field: iamRoles)
   glueJobs: [awsGlueJob] @hasInverse(field: iamRole)
   managedAirflows: [awsManagedAirflow] @hasInverse(field: iamRoles)
+  guardDutyDetectors: [awsGuardDutyDetector] @hasInverse(field: iamRole)
 }